Open cwrau opened 6 years ago
Since this container relies on "acme.sh" and "certbot" ACME clients, it depends on how and when they will pick up ACME v2 API changes, and wildcard support in particular.
From https://certbot.eff.org/faq/#will-let-s-encrypt-issue-wildcard-certificates
Will Let's Encrypt issue wildcard certificates? Let’s Encrypt has announced wildcard support coming January 2018. Certbot plans to add support for wildcard certificates when Let’s Encrypt starts issuing them.
Right now, the container just passes domain(s) to acme/certbot CLI:
acme.sh -d example.com -d www.example.com
The simplest assumption on future wildcard support would be just using the same -d argument. In this case, it's rather simple to support. But this is just an assumption, and we need to wait until it's released.
acme.sh -d '*.example.com'
Another note from LE announcement on wildcard certificates:
We will initially only support base domain validation via DNS for wildcard certificates, but may explore additional validation options over time.
It means, the container would need to add support for automatic dns-01 challenge method. Right now it uses http-01 challenge type using webroot and standalone modes. Adding dns-01 challenge is more complicated, because:
Conclusion:
dns-01 challenge method, which is not implemented by this container right now.
dns-01 support (maybe for most commonly used DNS providers), but somewhat more complicated, than currently used dead simple http-01.
Thanks for the thorough answer! Guess I'll have to wait then ⏳ If I can help in any way, I'd be glad to do so
Hello there guys! Any idea about the resolution of this feature? I would love to have a wildcard certificate since I have an automation process exposing many containers with different subdomains. Basically now I am creating certs for every container on start... Thanks in advance!
@samoshkin Is there any update for this feature?
In February 2018 LetsEncrypt is adding wildcard subdomain support. It indicates this is accomplished via their ACME v2 API. Do we know what support will look like for this Docker container? Is this difficult to support and/or are there plans to support it?
Source
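The answer above notes that wildcard names can only be validated with dns-01, while the container currently uses http-01. The following is an added example, not code from the container or from acme.sh, of a pre-flight check a wrapper script could run before calling the client. The function names, the `dns_cf` hook choice and the webroot path are assumptions for illustration.

```shell
#!/bin/sh
# Added example: pick the ACME challenge type for a list of requested names.
DNS_HOOK=${DNS_HOOK:-dns_cf}        # acme.sh DNS hook; provider is an assumption
WEBROOT=${WEBROOT:-/var/www/acme}   # constructed webroot path

# valid_name NAME: "*" is allowed only as the entire leftmost label.
valid_name() {
    base=${1#\*.}                   # strip one leading "*." if present
    case "$base" in
        ''|*'*'*|.*|*.|*..*) return 1 ;;  # empty, stray "*", malformed dots
        *.*) return 0 ;;            # at least two labels below the wildcard
    esac
    return 1
}

# choose_challenge NAME...: prints dns-01 if any name is a wildcard,
# otherwise http-01. Returns 2 if a name is malformed.
choose_challenge() {
    challenge=http-01
    for name in "$@"; do
        if ! valid_name "$name"; then
            echo "invalid domain: $name" >&2
            return 2
        fi
        case "$name" in
            '*.'*) challenge=dns-01 ;;
        esac
    done
    echo "$challenge"
}

# acme_command NAME...: prints the acme.sh invocation with each name quoted,
# so the shell never expands "*" against local file names.
acme_command() {
    challenge=$(choose_challenge "$@") || return 2
    cmd="acme.sh --issue"
    for name in "$@"; do
        cmd="$cmd -d '$name'"
    done
    if [ "$challenge" = dns-01 ]; then
        echo "$cmd --dns $DNS_HOOK"
    else
        echo "$cmd -w $WEBROOT"
    fi
}
```

Mixing a wildcard with plain names switches the whole order to dns-01 here, which keeps one validation path per certificate.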