Let's Encrypt announced yesterday that their ACMEv2 API is now live, and with it comes the ability for users to get free wildcard certificates. This has been a long-awaited feature, as wildcard certificates are much more expensive than regular single-host certificates and make managing SSL certs for a domain much easier.
Wildcard certificates allow a single certificate to work with multiple subdomains of a particular domain. For example, if I had a wildcard certificate for the domain bleepingcomputer.com, that single certificate could be used for www.bleepingcomputer.com, test.bleepingcomputer.com, example.bleepingcomputer.com, and any other subdomains. If a domain owner does not have a wildcard certificate, they need to get one for each subdomain they operate, which for larger organizations could become a management nightmare.
The availability of this feature comes with the release of version 2 of the ACME API. ACME, or Automated Certificate Management Environment, is a protocol developed by Let's Encrypt and the Internet Security Research Group that allows for the automated issuance and installation of SSL certificates. As wildcard domains are not supported in ACMEv1, users who wish to use wildcard certs must upgrade to a client that supports ACMEv2. Thankfully, Let's Encrypt has posted a list of clients that support ACMEv2.
Those who wish to use Let's Encrypt's free wildcard certificate offering will need to authenticate their ownership of a domain using a DNS-01 challenge. In this type of challenge, Let's Encrypt issues a token associated with the domain that you are requesting a certificate for, and this token must be placed in the domain owner's TXT DNS record for that domain. Doing this proves to Let's Encrypt that you own the domain and thus are allowed to receive a wildcard certificate for it.
The ability to get free single-server SSL certificates, and now wildcard certificates, brings the Internet one step closer to running entirely over HTTPS. For those who are new to Let's Encrypt and would like to learn how to get started, Let's Encrypt has a tutorial available on their site.