LetsEncrypt Added support for wildcard certificates will EE work for subdomain now?


#1

This question has been asked again & again in this forum, but the answer previously was that it was a very tedious and cumbersome process to set things up, as previously Letsencrypt didn’t issue Wildcard certificates.

But now Letsencrypt has officially launched Wildcard certificates and they are available for public testing.

Source: Lets Encrypt Wildcard Certificates Coming Jan 2018

My question is: will EasyEngine support Wildcard certificate issuing, because Letsencrypt supports it now?

What are the things that would need to be altered or modified so that EE supports that functionality?

PS: I need EE to support Letsencrypt for multiple domains on a single server, but that was not possible earlier, hence I used to take up multiple small AWS servers rather than a big server.

So if EE was to support Letsencrypt and a multiple-domain setup, we could easily use a dedicated CDN with Cloudflare enabled at Full SSL.

Use case: I was able to use AWS CloudFront + Cloudflare on the first domain that was installed via EE and Letsencrypt; however, I later installed multiple domains, but they all had the first domain’s SSL enabled when detected using curl.

Normally they (the sites) all work fine, but with a CDN trying to pull data, due to HTTPS validation for certs, the sites tell those CDNs that my sites are using an invalid Letsencrypt SSL cert, so they aren’t able to reach the origin.

However, site 1 works well.

Summarizing, the introduction of multiple-domain and subdomain Letsencrypt support for EE can really benefit a lot of people.


#2

@ashishdungdung we will be happy to accept a PR for this in EE v3.

We have set an internal release date for EE v4, so the entire team is busy on it.

So it’s unlikely we would be able to handle this in EE v3. But we will surely handle this in EE v4. 🙂


#3

Hello @ashishdungdung,

Let’s Encrypt was already providing a solution with SAN support on their SSL certificates.

You can add up to 100 sub-domains in a single SSL certificate with SAN support; it only requires generating a CSR file and running certbot with the CSR.

For example, on our website, we use the same certificate for all our subdomains (kb, chat, app …).

I will release a new tutorial in our knowledgebase (as soon as our new design is deployed) about the acme.sh client, because it’s the easiest Letsencrypt client I have found; it already supports the ACMEv2 protocol and provides awesome features like Cloudflare DNS validation to generate a certificate or custom port support for standalone validation.

But Wildcard SSL automation will not be the easiest part in EE because DNS validation will be required to issue a certificate, and settings or API will be different for each hosting provider.


#4

I understand about the validation part, thanks for informing about the script though. Would try on my test servers.

I’m looking forward to that tutorial. Kindly list that in EE as a new topic too. 🙂

Previously I have used your listed guides, and they are really well documented and easy to understand.

Thanks for that.


#5

Hello @virtubox, what is the difference between “letsencrypt” (command) and the mentioned “acme.sh” (shell script)? They look similar to me at first sight; what is the main difference here?


#6

Hello @ingobaab, currently acme.sh is one of the 4 clients compatible with the ACME v2 protocol. It doesn’t require sudo or root permissions. Personally, I use the Cloudflare DNS mode with a custom CSR to use the SAN support.


#7

Hey there, do you have an update regarding the tutorial? I see that you have already updated a tutorial, Install your Let’s Encrypt SSL certificate with acme.sh. Was this one the tutorial that you were talking about?

What I want to do now is issue a Letsencrypt cert for these configurations:

domain.com domain2.com domain3.com domain4.com sub.domain.com sub.domain2.com sub.domain3.com sub2.domain.com

So will that be possible now?

I wish to use it with Cloudflare DNS, probably with DNS validation, so that all the domains using a Letsencrypt cert will be able to utilize the Amazon CloudFront CDN; as already stated, Amazon CloudFront seemingly validates whether the site is using a cert or not.

However, in my case only the first domain seemed to have a valid cert according to the curl check; hence only the 1st domain’s cert was found to be validated and usable with CDNs.

Can you help me out with your example, as you stated that you too are using Cloudflare DNS mode with a custom CSR to use SAN support?

How complicated is it to configure in a fresh, new installation, or will it be easy to teach or convey to someone without much basic knowledge?
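
Added example (not part of any post in this thread): the curl symptom described in the post above, where every site presents the first site's certificate, comes down to which names the served certificate lists as SANs. The sketch checks the hostnames from that post against three constructed SAN lists using the wildcard matching rule (`*` as the whole leftmost label, standing for exactly one label); the SAN lists, `www.domain.com` and the function names are assumptions made for illustration.

```python
# Added example: hostname coverage of a certificate's SAN (dNSName) list.
# Hostnames are the placeholders from the post; SAN lists are constructed.

THREAD_HOSTS = [
    "domain.com", "domain2.com", "domain3.com", "domain4.com",
    "sub.domain.com", "sub.domain2.com", "sub.domain3.com", "sub2.domain.com",
]
FIRST_SITE_CERT = ["domain.com", "www.domain.com"]  # site 1's cert served for every vhost
WILDCARD_CERT = ["domain.com", "*.domain.com"]      # one wildcard certificate
MULTI_SAN_CERT = [                                  # one SAN certificate for all sites
    "domain.com", "*.domain.com", "domain2.com", "*.domain2.com",
    "domain3.com", "*.domain3.com", "domain4.com",
]


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def san_matches(hostname, san):
    """Return True if one SAN entry covers hostname.

    A wildcard stands for exactly one label, so '*.domain.com' covers
    'sub.domain.com' but neither 'domain.com' nor 'a.sub.domain.com'.
    """
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        # Refuse "*.com"-style entries; compare everything right of the wildcard.
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def uncovered(hostnames, sans):
    """Hostnames for which a certificate-validating client would reject the cert."""
    return [h for h in hostnames if not any(san_matches(h, s) for s in sans)]


if __name__ == "__main__":
    for label, sans in [("first-site cert", FIRST_SITE_CERT),
                        ("wildcard cert", WILDCARD_CERT),
                        ("multi-domain SAN cert", MULTI_SAN_CERT)]:
        print(f"{label}: not covered -> {uncovered(THREAD_HOSTS, sans)}")
```

A single wildcard for `domain.com` still leaves the other registered domains uncovered, which is why the multi-domain list carries an apex entry per domain plus a wildcard only where subdomains exist.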


#8

Instructions to issue Wildcard SSL Certificates with acme.sh are now available on my tutorial :


#9

@virtubox thanks for your tutorial. Just wanna ask: is your tutorial still working at the current time?


#10

Hello @Louiss,

yes, my tutorial is still working, and I have published a new one about Wildcard SSL Certificates :


#11

@virtubox wow. That’s great! Do you think there is any chance we can connect Cloudflare with this wildcard SSL as well?


#12

Yes, you will just have to set the SSL level to Full


#13

Awesome, I hope.

Can this be used easily with EasyEngine v3.x? If so, what are the things to look out for?

Terence.

P.S. I just found this – https://github.com/VirtuBox/ubuntu-nginx-web-server – and all my Christmases have come at once, I think.