Mr. 沙先生

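Let’s Encrypt is going to support wildcards: do we still need to buy certificates?

On the Let’s Encrypt site I saw "Staging endpoint for ACME v2". They are preparing to release version 2 of the ACME API, and its biggest selling point is support for wildcard certificates.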

The V2 API supports issuing wildcard certificates. To request a wildcard certificate simply send a wildcard DNS identifier in the newOrder request. Wildcard identifiers may only be authorized by DNS-01 challenge, so order authorizations corresponding to wildcard identifiers will only include a pending DNS-01 challenge. DNS names in certificates may only have a single wildcard character, and it must be the entire leftmost DNS label, for instance “*.example.com”. A single certificate can have wildcard DNS identifiers for multiple base domains.
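The identifier rules quoted above can be checked on the client before an order is submitted. The following Python sketch is an added example, not code from Let’s Encrypt or from the original post. The function names are hypothetical, the token and thumbprint are constructed sample values, and the newOrder layout and the `_acme-challenge` TXT record computation follow RFC 8555 rather than anything stated on this page.

```python
import base64
import hashlib


def check_identifier(name):
    """Validate a DNS identifier; return (base_domain, is_wildcard)."""
    labels = name.lower().rstrip(".").split(".")
    if name.count("*") > 1:
        raise ValueError(f"{name}: only a single wildcard character is allowed")
    if "*" in name and labels[0] != "*":
        raise ValueError(f"{name}: wildcard must be the entire leftmost label")
    is_wildcard = labels[0] == "*"
    base = labels[1:] if is_wildcard else labels
    if not base or "" in base:
        raise ValueError(f"{name}: missing or empty base domain label")
    return ".".join(base), is_wildcard


def new_order_payload(names):
    """Build the newOrder body (RFC 8555 layout) after validating every name."""
    for n in names:
        check_identifier(n)
    return {"identifiers": [{"type": "dns", "value": n} for n in names]}


def challenge_allowed(name, challenge_type):
    """Wildcard identifiers may only be authorized with dns-01.
    Non-wildcard names are not restricted by this rule."""
    _, is_wildcard = check_identifier(name)
    return challenge_type == "dns-01" if is_wildcard else True


def dns01_record(name, token, thumbprint):
    """TXT record name and value for dns-01 (RFC 8555 section 8.4)."""
    base, _ = check_identifier(name)
    key_authorization = f"{token}.{thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    value = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return f"_acme-challenge.{base}", value


if __name__ == "__main__":
    # Constructed sample values, not real ACME tokens or account keys.
    order = new_order_payload(["*.example.com", "*.example.org", "example.com"])
    print(order)
    print(dns01_record("*.example.com", "constructed-token", "constructed-thumbprint"))
```

Note that the TXT record for `*.example.com` is placed under the base domain, so whoever can write to that DNS zone can obtain a certificate covering every first-level subdomain.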

 

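Certificates are basically free now. Apart from the matter of the vendor the certificate's trust comes from, using Let’s Encrypt directly in a production environment should no longer be much of a problem.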

 

However, the ACME v2 API is not compatible with the v1 API, so to use the v2 API the tooling has to be completely overhauled and the domains re-authorized.

Existing ACME accounts from the v1 API will work with the v2 API. Existing authorizations from the v1 API will not be usable with the v2 API, meaning that you will have to reauthorize all domains prior to issuance with the v2 API (note: this is not currently implemented in the staging API, so you may see some reuse there).

 

For client tools that currently support the ACME v2 API, see ACME Client Implementations.

 

Most of the commonly used ACME v1 tools are listed there, but the tool you currently use has to be updated to v2.

 
