upros closed 1 year ago
There are two kinds of wildcards.
ACME allows for wildcard certificates to be issued. It performs an authorization at the "parent" domain (RFC 8555, Section 7.1.3). I don't know if this is actually implemented in the field.
When DNS has a wildcard, it will return any answer, so if one has a wildcard entry, one puts the authorization above that point anyway.
Wildcards?
It is unclear to me how DNS wildcards, e.g. "*.nohats.ca", should be handled? Do they fall within the permissions granted by "subdomainAuthAllowed"?
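For reference, the RFC 8555 wildcard handling mentioned in the thread (Sections 7.1.3 and 7.1.4), as an added sketch that is not part of the original discussion or of any ACME implementation: the function names are hypothetical and `example.org` is a constructed identifier. It shows that a wildcard order identifier yields an authorization for the base domain with `wildcard` set to true, and that the base name and its wildcard are validated at the same dns-01 record name.

```python
# Added illustration of RFC 8555 sections 7.1.3 / 7.1.4 / 8.4.
# Function names are hypothetical, not taken from any ACME library.


def authorization_for(identifier: str) -> dict:
    """Return the authorization object an order identifier of type "dns" maps to.

    RFC 8555: a wildcard name ("*" as the first label) must not appear in an
    authorization object; the authorization carries the base domain and
    "wildcard": true. For non-wildcard names the field must be absent.
    """
    name = identifier.lower().rstrip(".")
    wildcard = name.startswith("*.")
    base = name[2:] if wildcard else name

    # "*" is only meaningful as the complete leftmost label.
    if "*" in base or not all(base.split(".")):
        raise ValueError(f"not a valid DNS identifier: {identifier!r}")

    authz = {"identifier": {"type": "dns", "value": base}}
    if wildcard:
        authz["wildcard"] = True
    return authz


def dns01_record_name(authz: dict) -> str:
    """TXT record name for dns-01: "_acme-challenge" prepended to the authorized name."""
    return "_acme-challenge." + authz["identifier"]["value"]


def authorizations_for_order(identifiers: list[str]) -> list[dict]:
    """One authorization per order identifier, in order."""
    return [authorization_for(i) for i in identifiers]


if __name__ == "__main__":
    # Constructed order: the base name and its wildcard in one request.
    for a in authorizations_for_order(["example.org", "*.example.org"]):
        print(a, "->", dns01_record_name(a))
```
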