Letsencrypt - Now Wildcard Ready!

Dravion
Senior user
Posts: 1268
Joined: 2015-09-26 11:50
Location: Germany

Post by Dravion » 2018-03-23 07:42

Finally, ACME 2.0 is out and now we can enjoy one SSL certificate for all subdomains instead of issuing or inserting every single host name in one or multiple cert requests.

Let’s Encrypt takes free “wildcard” certificates live
https://arstechnica.com/information-tec ... ates-live/

But there is a little limitation, but I am absolutely fine with it:
Yes, wildcard certs only work for direct subdomains, as you’ve noticed. If you wanted a cert to work on literally.nothing.works.wtf, you would need to get a cert for *.nothing.works.wtf. If you also want to serve stuff on a subdomain of works.wtf, you could also add *.works.wtf to the certificate
64-Bit builds of hMailserver

hMailServer-5.6.+ (HCD) https://github.com/hMailServer-ComDevs/hmailserver
hMailServer-5.6.+ (LTS) https://github.com/Dravion/hMailServer/releases

tunis
Normal user
Posts: 199
Joined: 2015-01-05 20:22
Location: Sweden

Re: Letsencrypt - Now Wildcard Ready!

Post by tunis » 2018-03-23 17:55

You can only use DNS "TXT" record to verify.
In addition to the ACME v2 requirement, requests for wildcard certificates require the modification of a Domain Name Service "TXT" record to verify control over the domain.
HMS 5.6.8 B2437.17 on Windows Server 2016 Core VM.
HMS 5.6.7 B2425.16 on Windows Server 2012 R2 Core VM.

katip
Senior user
Posts: 615
Joined: 2006-12-22 07:58
Location: Istanbul

Re: Letsencrypt - Now Wildcard Ready!

Post by katip » 2018-03-23 18:58

tunis wrote:
2018-03-23 17:55
You can only use DNS "TXT" record to verify.
In addition to the ACME v2 requirement, requests for wildcard certificates require the modification of a Domain Name Service "TXT" record to verify control over the domain.
Any idea what the TXT must look like?
Katip
--
HMS 5.7.0-B2428-LTS-64-bit, MySQL 5.7.24, SA 3.4.2, ClamAV 0.101.2 + SaneS

jimimaseye
Moderator
Posts: 7860
Joined: 2011-09-08 17:48

Re: Letsencrypt - Now Wildcard Ready!

Post by jimimaseye » 2018-03-23 19:43

katip wrote: Any idea what the TXT must look like?
This site https://www.sslforfree.com/ guides you through a wizard and shows you what the DNS TXT records are to look like (if you choose that option).
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Dravion
Senior user
Posts: 1268
Joined: 2015-09-26 11:50
Location: Germany

Re: Letsencrypt - Now Wildcard Ready!

Post by Dravion » 2018-03-24 23:51

DNS TXT RR records are the least problematic ones. You can simply set any free text you want, but ACME 2.0 needs a specific TXT value. The benefit is, you can renew your certs without setting up a vhost on your web server or a specific folder structure.
64-Bit builds of hMailserver

hMailServer-5.6.+ (HCD) https://github.com/hMailServer-ComDevs/hmailserver
hMailServer-5.6.+ (LTS) https://github.com/Dravion/hMailServer/releases
