Letsencrypt - Now Wildcard Ready!

Dravion
Senior user
Posts: 1169
Joined: 2015-09-26 11:50
Location: Germany

Letsencrypt - Now Wildcard Ready!

Post by Dravion » 2018-03-23 07:42

Finally, ACME 2.0 is out and now we can enjoy one SSL-Certificate for all Subdomains instead of issuing or inserting every single host name
in one or multiple cert requests.

Let’s Encrypt takes free “wildcard” certificates live
https://arstechnica.com/information-tec ... ates-live/

But there is a little limitation, but I am absolutely fine with it:
Yes, wildcard certs only work for direct subdomains, as you’ve noticed. If you wanted a cert to work on literally.nothing.works.wtf, you would need to get a cert for *.nothing.works.wtf. If you also want to serve stuff on a subdomain of works.wtf, you could also add *.works.wtf to the certificate
64-Bit builds of hMailserver

hMailServer-5.6.+ (HCD) https://github.com/hMailServer-ComDevs/hmailserver
hMailServer-5.6.+ (LTS) https://github.com/Dravion/hMailServer/releases

tunis
Normal user
Posts: 198
Joined: 2015-01-05 20:22
Location: Sweden

Re: Letsencrypt - Now Wildcard Ready!

Post by tunis » 2018-03-23 17:55

You can only use DNS "TXT" record to verify.
In addition to the ACME v2 requirement, requests for wildcard certificates require the modification of a Domain Name Service "TXT" record to verify control over the domain.
HMS 5.6.8 B2437.17 on Windows Server 2016 Core VM.
HMS 5.6.7 B2425.16 on Windows Server 2012 R2 Core VM.

katip
Senior user
Posts: 545
Joined: 2006-12-22 07:58
Location: Istanbul

Re: Letsencrypt - Now Wildcard Ready!

Post by katip » 2018-03-23 18:58

tunis wrote:
2018-03-23 17:55
You can only use DNS "TXT" record to verify.
In addition to the ACME v2 requirement, requests for wildcard certificates require the modification of a Domain Name Service "TXT" record to verify control over the domain.
Any idea what the TXT must look like?
Katip
--
HMS 5.6.7-B2425, MySQL 5.5.46, SpamAssassin 3.4.2, ClamAV 0.99.2 + SaneS & SecuriteI

jimimaseye
Moderator
Posts: 7766
Joined: 2011-09-08 17:48

Re: Letsencrypt - Now Wildcard Ready!

Post by jimimaseye » 2018-03-23 19:43

katip wrote: Any idea what the TXT must look like?
This site https://www.sslforfree.com/ guides you through a wizard and shows you what the DNS TXT records are to look like (if you choose that option).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Dravion
Senior user
Posts: 1169
Joined: 2015-09-26 11:50
Location: Germany

Re: Letsencrypt - Now Wildcard Ready!

Post by Dravion » 2018-03-24 23:51

DNS TXT RR records are the least problematic ones. You simply can set any free text you want, but ACME 2.0 needs a specific TXT value. The benefit is, you can renew your certs without setting up a vhost on your web server or a specific folder structure.
64-Bit builds of hMailserver

hMailServer-5.6.+ (HCD) https://github.com/hMailServer-ComDevs/hmailserver
hMailServer-5.6.+ (LTS) https://github.com/Dravion/hMailServer/releases
