Let’s Encrypt takes free “wildcard” certificates live

  News
image_pdfimage_print
Enlarge / Now everyone can have this in front of all the sites in their domain with one step, for free.

In July of 2017, the nonprofit certificate authority Let’s Encrypt promised to deliver something that would put secure websites and Web applications within reach of any Internet user: free “wildcard” certificates to enable secure HTTP connections for entire domains. Today, Let’s Encrypt took that promised service live, in addition to a new version of the Automated Certificate Management Environment (ACME) protocol, an interface that can be used by a variety of client software packages to automate verification of certificate requests.

ACME version 2 “has gone through the IETF standards process,” said Josh Aas, executive director of the Internet Security Research Group (ISRG), the group behind Let’s Encrypt, in a blog post on the release. ACME v2 is currently a draft Internet Engineering Task Force standard, so it may not yet be in its final form. But the current version is the result of significant feedback from the industry. And its use is required to obtain wildcard certificates.

In addition to the ACME v2 requirement, requests for wildcard certificates require the modification of a Domain Name Service “TXT” record to verify control over the domain—a similar method to that used by Google and other service providers to prove domain ownership. But much of this can be automated by hosting providers that provide DNS services. A single Let’s Encrypt account can request up to 300 wildcard certificates over a period of three hours, allowing a hosting provider to handle requests for customers who may not have shell access to their sites.

Many hosting providers already support the registration of Let’s Encrypt certificates to varying degrees. WordPress.com, Tumblr, and a few other blog platforms already directly support Let’s Encrypt certificate integration for users with custom domains. But Let’s Encrypt’s free certificate offering hasn’t been snapped up by some larger hosting providers—such as GoDaddy—who also sell SSL certificates to their customers.

https://arstechnica.com/?p=1274743