undefined | Better HN

0 pointsmikeash10y ago0 comments

Are wildcard certs still necessary if you can get a cert issued automatically with no delay?

0 comments

2 comments · 1 top-level

ytjohn10y ago· 1 in thread

Probably not for most use cases, but definitely if you have a dynamic host-based addressing scheme. In fact, my company uses a wildcard for an S3 compatible object storage service we've built in house.

A wildcard cert for example.com covers any <bucketname>.example.com our users create. Going round trip on requesting and issuing certs for each bucket would add significant delays.

mikeashOP10y ago

Makes sense. I can't quite figure out Let's Encrypt's (what an odd construction) policy on ultimately supporting wildcard certificates, but it sounds like they're generally opposed but not completely decided. Maybe they'll end up supporting it eventually.

j / k navigate · click thread line to collapse