
Let's Encrypt will start issuing wildcard certificates in January 2018

One limitation of Let's Encrypt, a free certificate authority, is that it does not issue wildcard certificates for subdomains (see the “Complete Guide to Switching from HTTP to HTTPS”). Such certificates cover the main domain as well as an unlimited number of subdomains (*.example.com), for example example.com, www.example.com, mail.example.com, ftp.example.com, and so on. Some certificate authorities sell such certificates from $475 per year. Let's Encrypt will issue them for free.

The Let's Encrypt service is provided by the Internet Security Research Group (ISRG). Yesterday it announced good news: wildcard certificates will start being issued in January 2018! Such certificates were one of the features users requested most often. In some cases it really is much more convenient to use a wildcard (*.example.com) than to list each domain separately, which the standard Let's Encrypt DV certificates allow. In some cases this simplifies the transition to HTTPS, and a universal transition to encryption is the main goal of the Let's Encrypt project, which acts for the public good and lives on donations. In the end, 100% of the web should be encrypted through our joint efforts.

At present, Let's Encrypt protects about 47 million sites with an automated service for issuing and renewing short-lived DV certificates and an API for managing them. Thanks in no small part to this service, the share of HTTPS traffic on the Internet has grown from 40% to 58% (measured by page loads) since Let's Encrypt started working in December 2015.

A wildcard certificate protects an unlimited number of domains; that is its advantage over the DV certificate, which has a limit on the maximum number of domains that can be added. It is therefore enough to generate a single key pair and obtain one certificate, and then you can create as many subdomains as you want, to which this certificate will automatically apply.
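What one such certificate covers can be checked with a short matcher. This is an added example, not from the original article: it assumes the single-label wildcard rule of RFC 6125 (the `*` stands for exactly one leftmost label), and the SAN list and function names are constructed for illustration.

```python
# Added example (not from the article): hostname coverage of a certificate
# whose SAN list holds the main domain and a wildcard entry.
# Assumption: RFC 6125 matching, where "*" replaces exactly one leftmost label.

# Constructed sample SAN list for a certificate issued for example.com.
SAMPLE_SANS = ["example.com", "*.example.com"]


def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if a single SAN dNSName entry covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # Reject empty labels and literal "*" in the name being checked.
    if any(label == "" or "*" in label for label in h_labels):
        return False
    # A wildcard never spans a dot, so both names need the same label count.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse over-broad patterns such as "*.com".
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    # Partial wildcards ("f*.example.com") fall through and never match.
    return p_labels == h_labels


def covers(sans: list[str], hostname: str) -> bool:
    """Return True if any SAN entry of the certificate covers the hostname."""
    return any(san_matches(san, hostname) for san in sans)


def coverage_report(sans: list[str], hostnames: list[str]) -> dict[str, bool]:
    """Map each hostname to whether the certificate covers it."""
    return {host: covers(sans, host) for host in hostnames}


if __name__ == "__main__":
    hosts = ["example.com", "www.example.com", "mail.example.com",
             "a.b.example.com", "example.org"]
    for host, ok in coverage_report(SAMPLE_SANS, hosts).items():
        print(f"{host:20} {'covered' if ok else 'NOT covered'}")
```

The bare domain is covered here only because it is listed as its own SAN entry, and a deeper name such as a.b.example.com would need a separate entry.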
Wildcard certificates will be issued free of charge via the upcoming ACME v2 API endpoint, which will also begin operating in January 2018. At the moment, Let's Encrypt uses the ACME v1 protocol. Although that is an open protocol developed by Mozilla, the University of Michigan, and the Electronic Frontier Foundation, it is ACME v2 that will be adopted as the IETF standard. In addition, ACME v2 is designed for use by other certificate authorities and has a number of technical advantages over ACME v1.

At first, Let's Encrypt will verify subdomains for wildcard certificates via DNS, but other verification options will be added over time. You can ask any questions about the new certificate type on the Let's Encrypt forums.

Source: https://habr.com/ru/post/332594/

