SSLMate / certspotter

Certificate Transparency Log Monitor
https://sslmate.com/certspotter
Mozilla Public License 2.0

Endpoint Discovery for Wildcard certs #93

Closed bdwilson closed 3 months ago

bdwilson commented 3 months ago

Since wildcard certificates have a 1-to-many relationship, is there an ability to discover where certificates are installed so that you could map wildcard expirations to specific endpoints? I have a situation where there are multiple, overlapping wildcards, so understanding where they are installed is critical for the renewal to be done in all locations.

AGWA commented 3 months ago

Hi @bdwilson, the open source Cert Spotter doesn't do expiration monitoring.

As for the commercial version, you can manually tell Cert Spotter about each hostname that uses the wildcard certificate, and Cert Spotter will monitor each one separately for expiration. There is no way for Cert Spotter to discover the hostnames automatically when a wildcard certificate is used.
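
An added example, not part of the thread and not Cert Spotter's code: since the hostnames have to be listed by hand, a small inventory can record which certificate each listed host actually serves, group hosts by certificate fingerprint, and flag hosts that more than one wildcard certificate could cover. The function names, hostnames and `fp-*` fingerprints are constructed for illustration; `fetch_leaf` is the live lookup and is not called on the sample data.

```python
import hashlib, socket, ssl
from datetime import datetime, timezone

def fetch_leaf(host, port=443, timeout=5.0):
    """Live lookup: (sha256 fingerprint, notAfter, DNS SANs) of the cert served at host."""
    ctx = ssl.create_default_context()  # validating: an already-expired cert raises here
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der, info = tls.getpeercert(binary_form=True), tls.getpeercert()
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(info["notAfter"]), timezone.utc)
    sans = [v for k, v in info.get("subjectAltName", ()) if k == "DNS"]
    return hashlib.sha256(der).hexdigest(), expiry, sans

def covers(san, host):
    """A wildcard SAN matches exactly one leftmost label (*.a.com covers x.a.com, not x.y.a.com)."""
    san, host = san.lower(), host.lower()
    if not san.startswith("*."):
        return san == host
    label, _, parent = host.partition(".")
    return bool(label) and parent == san[2:]

def build_inventory(observations, now):
    """observations: {host: (fingerprint, not_after, sans)} -> {fingerprint: cert record}."""
    inv = {}
    for host, (fp, not_after, sans) in sorted(observations.items()):
        rec = inv.setdefault(fp, {"sans": sans, "days_left": (not_after - now).days, "hosts": []})
        rec["hosts"].append(host)
    return inv

def overlaps(inv):
    """Hosts that a different inventoried cert could also cover: {host: [other fingerprints]}."""
    out = {}
    for fp, rec in inv.items():
        for host in rec["hosts"]:
            others = sorted(o for o, r in inv.items()
                            if o != fp and any(covers(s, host) for s in r["sans"]))
            if others:
                out[host] = others
    return out

# Constructed sample observations (what fetch_leaf would return per manually listed host).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = {
    "www.example.com": ("fp-A", datetime(2024, 1, 21, tzinfo=timezone.utc), ["*.example.com"]),
    "shop.example.com": ("fp-A", datetime(2024, 1, 21, tzinfo=timezone.utc), ["*.example.com"]),
    "v1.api.example.com": ("fp-B", datetime(2024, 3, 1, tzinfo=timezone.utc), ["*.api.example.com"]),
    "api.example.com": ("fp-C", datetime(2024, 6, 1, tzinfo=timezone.utc), ["*.example.com", "example.com"]),
}
if __name__ == "__main__":
    for fp, rec in build_inventory(SAMPLE, NOW).items():
        print(fp, rec["days_left"], "days left:", ", ".join(rec["hosts"]))
    print("overlapping coverage:", overlaps(build_inventory(SAMPLE, NOW)))
```

The inventory only covers hosts that were listed; an endpoint nobody listed stays invisible, which is the limitation described in the reply above.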