[talk] SSL certificates

Mike Burns mike+nycbug at mike-burns.com
Tue Sep 12 13:47:06 EDT 2017


On 2017-09-12 17.10.35 +0000, Mark Saad wrote:
> On 09/12/2017 07:38, Michael W. Lucas wrote:
> > Out of curiosity: any real-world reason not to do Let's Encrypt?
> >
> This is a commercial setup; from what I remember, LE is for
> non-commercial setups.

Let's Encrypt is for all domain names.

https://community.letsencrypt.org/t/are-they-limitations-on-who-can-use-lets-encrypt/687

> Also I need to get two wild cards - one for *.mydomain.xxx and
> *.yyy.mydomain.xxx and I don't think LE can do the latter.

This is true: it does not support wildcard certs. Instead it offers a
way to programmatically generate a cert instantly. So instead of using a
wildcard, you could generate the certs for every subdomain, on demand,
from a script.

I'm curious -- is there a case where wildcard TLS certs are needed in
the face of instant, programmatic certs?

LE does not offer EV certs. If you need that, LE cannot help.

---

It's worth noting that OpenBSD ships with acme-client(1). It has
additional limitations due to programmer time.

-Mike
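
Added example, not part of the original message: a sketch of the trade-off discussed above, showing why the two wildcards in the thread are distinct (a `*` covers exactly one leftmost label) and what the per-host alternative looks like as a list of certificate requests. The hostnames are constructed from the thread's placeholder domain, and the function names are hypothetical; the actual issuance step by an ACME client is left out.

```python
# Added illustration; hostnames are constructed from the thread's placeholder domain.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")

def wildcard_covers(pattern, host):
    """True if a certificate name covers host; '*' stands for one leftmost label only."""
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h

def wildcards_needed(hosts):
    """Smallest set of single-label wildcards that covers every host."""
    return sorted({"*." + ".".join(_labels(h)[1:]) for h in hosts if "." in h})

def per_host_plan(hosts, max_names=1):
    """Batch hosts into certificate requests with max_names names each
    (1 means one certificate, and one private key, per host)."""
    uniq = sorted({".".join(_labels(h)) for h in hosts})
    return [uniq[i:i + max_names] for i in range(0, len(uniq), max_names)]

HOSTS = [  # constructed sample inventory
    "www.mydomain.xxx", "api.mydomain.xxx",
    "a.yyy.mydomain.xxx", "b.yyy.mydomain.xxx",
]

if __name__ == "__main__":
    print("wildcards that would be required:", wildcards_needed(HOSTS))
    for names in per_host_plan(HOSTS):
        # Each entry is one request to hand to whatever ACME client is in use.
        print("request certificate for:", names)
```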


