ohadschn/letsencrypt-webapp-renewer

Add support for wildcard certificates

casperOne opened this issue · 15 comments

It was announced that Let's Encrypt now supports wildcard certificates.

Support for wildcard certificates would be a great addition (although can currently be worked around, of course).

https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579

We would have to wait for support from the underlying library: sjkp/letsencrypt-siteextension#183.

Feel free to upvote that issue to catch Simon's attention...

This is exactly why this should not be the supported Microsoft way of doing this, as making your officially supported path rely on the free time of an open source developer is not ideal for production.

@elucidsoft for what it's worth, I'm working on letsencrypt-webapp-renewer on my own free time as an open source developer too (my capacity as a Microsoft employee has nothing to do with this project).

My point was, the uservoice request wanted official support. To list this as the resolution to that request is not what we wanted.

@ohadschn An updated nuget package for letsencrypt.azure.core has been posted (see sjkp/letsencrypt-siteextension#183 (comment))

It should hopefully unblock this issue. Do you want a PR for it (I haven't tried it yet) or are you happy to make the changes yourself?

@rbanks54 thanks for letting me know, I'll take a look, don't think a PR will be necessary :)

So reading the info on the other thread, it looks like I'll need to use LetsEncrypt.Azure.Core.CertificateManager.CreateAzureDnsWebAppCertificateManager here instead of CreateKuduWebAppCertificateManager (because the DNS challenge is necessary for wildcard certs). Will have to see how I test that...
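For readers wondering why the Kudu (HTTP-01) manager cannot be reused for wildcards, the following is an added example, not code from this thread or from letsencrypt-webapp-renewer or letsencrypt-siteextension. It shows what the DNS-01 challenge (RFC 8555 section 8.4, with the RFC 7638 JWK thumbprint) requires a renewer to publish: a TXT record at `_acme-challenge.<domain>` whose value is derived from the challenge token and the ACME account key. The `SAMPLE_JWK` is a constructed placeholder, not a real key, and `lookup_txt` is an assumed callback standing in for a DNS resolver so the check runs offline.

```python
import base64
import hashlib
import json
from typing import Callable, Dict, List


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: Dict[str, str]) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of the required
    members only (lexicographic key order, no whitespace). Extra members such
    as "alg" or "use" do not affect the result."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: Dict[str, str]) -> str:
    """RFC 8555 section 8.1: token || "." || thumbprint(account key)."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def dns01_txt_value(token: str, account_jwk: Dict[str, str]) -> str:
    """RFC 8555 section 8.4: the TXT record holds
    base64url(SHA-256(key authorization))."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return b64url(digest)


def dns01_record_name(identifier: str) -> str:
    """A wildcard identifier "*.example.com" is validated at the same
    _acme-challenge name as "example.com"; the "*." prefix is dropped."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base}"


def records_to_publish(challenges: Dict[str, str],
                       account_jwk: Dict[str, str]) -> Dict[str, List[str]]:
    """Map identifier -> token into the TXT records a DNS provider must hold.
    When an order covers both "*.example.com" and "example.com", both tokens
    land on the same record name, so two TXT values must coexist."""
    records: Dict[str, List[str]] = {}
    for identifier, token in challenges.items():
        records.setdefault(dns01_record_name(identifier), []).append(
            dns01_txt_value(token, account_jwk))
    return records


def verify_dns01(identifier: str, token: str, account_jwk: Dict[str, str],
                 lookup_txt: Callable[[str], List[str]]) -> bool:
    """Pre-flight check a renewer can run before asking the CA to validate:
    does any TXT value at the challenge name match what the CA will expect?
    lookup_txt is an assumed resolver callback (name -> list of TXT strings)."""
    expected = dns01_txt_value(token, account_jwk)
    return expected in lookup_txt(dns01_record_name(identifier))


# Constructed placeholder account key for the demo; NOT a real RSA key.
SAMPLE_JWK: Dict[str, str] = {
    "kty": "RSA",
    "e": "AQAB",
    "n": b64url(bytes(range(1, 65))),
}

if __name__ == "__main__":
    order = {"*.example.com": "tokenA", "example.com": "tokenB"}
    published = records_to_publish(order, SAMPLE_JWK)
    for name, values in published.items():
        print(name, values)
    # Simulated resolver that serves exactly what we published.
    resolver = lambda name: published.get(name, [])
    for identifier, token in order.items():
        print(identifier, "ok" if verify_dns01(identifier, token, SAMPLE_JWK, resolver) else "MISSING")
```

The point for the thread: an HTTP-01 manager drops a file under `/.well-known/acme-challenge/`, which the CA will never consult for a wildcard identifier, so a DNS-capable manager is required, and it must be able to add a second TXT value at the same name rather than overwrite the first when the order includes both the wildcard and the bare domain.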

When this is complete, will we be able to issue non-wildcard challenges via DNS?

The use case I have is an app in a docker container behind a custom DNS name; getting the file for HTTP validation into the container is a pain, to say the least.

@casperOne sure, no reason to couple the two (even though DNS challenge is mandatory for wildcards)

Just curious if the support for wildcard certs has been completed or still being worked on

@Skeletor11 I'm looking at it. Love the alias BTW

Looks like I'm currently blocked: sjkp/letsencrypt-siteextension#183 (comment)

Looks like there's a new NuGet version that unblocks this: https://www.nuget.org/packages/LetsEncrypt.Azure.Core.V2/

So unfortunately it turns out that while that version unblocks the ACME V2 part, it removes the DNS challenge part which is also needed for wildcard certs. Tracked here: #91.