ohadschn / letsencrypt-webapp-renewer

[PLEASE USE FREE MS MANAGED CERTS INSTEAD] Simple WebJob-ready console application for renewing Azure Web App SSL certificates
https://www.ohadsoft.com/
Apache License 2.0

Add support for wildcard certificates #44

Closed casperOne closed 4 years ago

casperOne commented 6 years ago

It was announced that Let's Encrypt now supports wildcard certificates.

Support for wildcard certificates would be a great addition (although can currently be worked around, of course).

https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579

ohadschn commented 6 years ago

We would have to wait for support from the underlying library: https://github.com/sjkp/letsencrypt-siteextension/issues/183.

Feel free to upvote that issue to catch Simon's attention...

elucidsoft commented 6 years ago

This is exactly why this should not be the supported Microsoft way of doing this, as making your official supported path rely on the free time of an open source developer is not ideal for production.

ohadschn commented 6 years ago

@elucidsoft for what it's worth, I'm working on letsencrypt-webapp-renewer on my own free time as an open source developer too (my capacity as a Microsoft employee has nothing to do with this project).

elucidsoft commented 6 years ago

My point was, the uservoice request wanted official support. To list this as the resolution to that request is not what we wanted.

rbanks54 commented 5 years ago

@ohadschn An updated nuget package for letsencrypt.azure.core has been posted (see https://github.com/sjkp/letsencrypt-siteextension/issues/183#issuecomment-455763588)

It should hopefully unblock this issue. Do you want a PR for it (I haven't tried it yet) or are you happy to make the changes yourself?

ohadschn commented 5 years ago

@rbanks54 thanks for letting me know, I'll take a look, don't think a PR will be necessary :)

ohadschn commented 5 years ago

So reading the info on the other thread, it looks like I'll need to use LetsEncrypt.Azure.Core.CertificateManager.CreateAzureDnsWebAppCertificateManager here instead of CreateKuduWebAppCertificateManager (because the DNS challenge is necessary for wildcard certs). Will have to see how I test that...

casperOne commented 5 years ago

When this is complete, will we be able to issue non-wildcard challenges via DNS?

The use case I have is an app in a docker container behind a custom DNS name; getting the file for HTTP validation into the container is a pain, to say the least.

ohadschn commented 5 years ago

@casperOne sure, no reason to couple the two (even though DNS challenge is mandatory for wildcards)
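The DNS-challenge requirement discussed in the comments above is an ACME protocol rule (RFC 8555): a wildcard identifier such as `*.example.com` can only be authorized with a `dns-01` challenge, which is why the Azure DNS certificate manager is needed instead of the Kudu (HTTP file) one, while a plain hostname may use `http-01` or `dns-01`. The block below is an added example written for this page; it is not code from letsencrypt-webapp-renewer or from LetsEncrypt.Azure.Core. It shows how an ACME client picks the allowed challenge types per identifier and derives the `http-01` key authorization and the `dns-01` TXT record value from a challenge token and the account key's JWK thumbprint (RFC 7638). The JWK, token and hostnames are constructed sample values, not real keys or challenges.

```python
"""ACME challenge selection and key-authorization derivation (RFC 8555 sec. 8).

Added example for illustration only; not part of letsencrypt-webapp-renewer.
"""
import base64
import hashlib
import json

# Constructed sample account key (not a real key: x/y are placeholder strings).
# Extra members like "kid" and "use" must NOT affect the thumbprint.
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "c29tZS14LWNvb3JkaW5hdGU",
    "y": "c29tZS15LWNvb3JkaW5hdGU",
    "kid": "account-1",
    "use": "sig",
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"  # constructed


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME and JOSE require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of the required
    public members only, keys sorted lexicographically, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """keyAuthorization = token || '.' || base64url(JWK thumbprint)."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def allowed_challenge_types(identifier: str) -> list:
    """Wildcard identifiers can only be validated via dns-01 (RFC 8555 sec. 7.1.3);
    other DNS identifiers may also use http-01 or tls-alpn-01."""
    if identifier.startswith("*."):
        return ["dns-01"]
    return ["http-01", "dns-01", "tls-alpn-01"]


def dns01_record(identifier: str, token: str, jwk: dict) -> tuple:
    """TXT record (name, value) to publish for a dns-01 challenge.
    The '*.' prefix is stripped: the record lives at _acme-challenge.<base domain>,
    and the value is base64url(SHA-256(keyAuthorization))."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return (f"_acme-challenge.{base}", b64url(digest))


def http01_resource(identifier: str, token: str, jwk: dict) -> tuple:
    """(URL, body) the server must serve for an http-01 challenge.
    Refuses wildcard identifiers, for which http-01 is never offered."""
    if "http-01" not in allowed_challenge_types(identifier):
        raise ValueError(f"http-01 is not permitted for {identifier}")
    url = f"http://{identifier}/.well-known/acme-challenge/{token}"
    return (url, key_authorization(token, jwk))


if __name__ == "__main__":
    for ident in ("example.com", "*.example.com"):
        print(ident, "->", allowed_challenge_types(ident))
        name, value = dns01_record(ident, SAMPLE_TOKEN, SAMPLE_JWK)
        print(f"  TXT {name} \"{value}\"")
```

Note that `example.com` and `*.example.com` map to the same TXT record name (`_acme-challenge.example.com`); Let's Encrypt issues a separate authorization, and therefore a separate token, for each identifier, so a renewer that requests both SANs has to publish two TXT values at that name at the same time rather than overwrite the first with the second.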

Skeletor11 commented 5 years ago

Just curious if the support for wildcard certs has been completed or still being worked on

ohadschn commented 5 years ago

@Skeletor11 I'm looking at it. Love the alias BTW

ohadschn commented 5 years ago

Looks like I'm currently blocked: https://github.com/sjkp/letsencrypt-siteextension/issues/183#issuecomment-486741035

ohadschn commented 5 years ago

Looks like there's a new NuGet version that unblocks this: https://www.nuget.org/packages/LetsEncrypt.Azure.Core.V2/

ohadschn commented 5 years ago

So unfortunately it turns out that while that version unblocks the ACME V2 part, it removes the DNS challenge part which is also needed for wildcard certs. Tracked here: https://github.com/ohadschn/letsencrypt-webapp-renewer/issues/91.

ohadschn commented 4 years ago

Implemented in the newest release: https://github.com/ohadschn/letsencrypt-webapp-renewer/releases/tag/1.0.5