2021-09-01
Wildcard certificates and zerossl via acme protocol
I'm personally not a huge fan of wildcard TLS certificates (risks with reuse of the private key) so I didn't try those yet, but based on my experiences with certificates with multiple names with ZeroSSL I got a response from Stephen Harris on Twitter: "Do they support wildcards" and I just had to try. And it works! I requested a certificate:

    Requested Extensions:
        X509v3 Subject Alternative Name:
            DNS:gosper.idefix.net, DNS:*.gosper.idefix.net

And indeed it worked:

    Issuer: C = AT, O = ZeroSSL, CN = ZeroSSL ECC Domain Secure Site CA
    Validity
        Not Before: Sep 1 00:00:00 2021 GMT
        Not After : Nov 30 23:59:59 2021 GMT
    Subject: CN = gosper.idefix.net
    [..]
        X509v3 Subject Alternative Name:
            DNS:gosper.idefix.net, DNS:*.gosper.idefix.net

So that works too! The choice for gosper.idefix.net is because I already had DNS records set up for dns-01 based verification of that name.
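
An added example, not part of the original post: under RFC 8555 the dns-01 challenge for a wildcard identifier is published at the same `_acme-challenge` name as its base name, which is why DNS records already set up for gosper.idefix.net also serve `*.gosper.idefix.net`. The tokens and account thumbprint below are constructed sample values, and the function names are this example's own.

```python
import base64
import hashlib


def b64url(data: bytes) -> str:
    """base64url without padding, as used throughout ACME (RFC 8555)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def dns01_record_name(identifier: str) -> str:
    """Name of the TXT record the CA queries for a dns-01 challenge.

    For a wildcard identifier the "*." label is dropped first, so the
    wildcard and its base name are validated at the same record name.
    """
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".").lower()


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """TXT value: base64url(SHA-256(token "." thumbprint)), RFC 8555 8.4."""
    key_authorization = f"{token}.{account_thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def plan_records(challenges: dict, account_thumbprint: str) -> dict:
    """Group the TXT values an order needs by the record name they go under."""
    records = {}
    for identifier, token in challenges.items():
        name = dns01_record_name(identifier)
        records.setdefault(name, []).append(
            dns01_txt_value(token, account_thumbprint))
    return records


# Constructed sample values: real tokens come from the CA, and the real
# thumbprint is the RFC 7638 thumbprint of the ACME account key.
SAMPLE_THUMBPRINT = b64url(hashlib.sha256(b"constructed-account-jwk").digest())
SAMPLE_CHALLENGES = {
    "gosper.idefix.net": "constructed-token-for-base-name",
    "*.gosper.idefix.net": "constructed-token-for-wildcard",
}

if __name__ == "__main__":
    for name, values in plan_records(SAMPLE_CHALLENGES, SAMPLE_THUMBPRINT).items():
        for value in values:
            print(f'{name}. IN TXT "{value}"')
```

Both values belong to one TXT record set, so a dns-01 hook that overwrites the record instead of adding to it can fail one of the two authorizations.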