The nonprofit certificate authority Let’s Encrypt has taken its promised service live, offering free “wildcard” certificates for all sites. The popular certificate authority had promised in July 2017 to deliver a service that would enable any Internet user to secure their HTTP connections for entire domains free of cost.
A wildcard certificate enables you to secure all the sub-domains of a master domain with a single certificate. Certificate management can be easier with wildcard certificates in some cases.
Along with the launch of this service, a new version of the Automated Certificate Management Environment (ACME) protocol was unveiled. Various client software packages can use it to automate the verification of certificate requests.
Josh Aas, the Executive Director of the Internet Security Research Group (ISRG), the group behind Let’s Encrypt, declared that the updated version of the ACME protocol, ACME v2, has gone through the IETF standards process. ACME v2 is not yet in its final form, since it is currently a draft Internet Engineering Task Force standard. But the current version was launched after taking feedback from organizations and industry experts that might at some point want to use this protocol for the issuance and management of certificates.
In addition to requiring ACME v2, wildcard domains need to be validated using the DNS-01 challenge type. This means a Domain Name Service “TXT” record modification is required to verify control over the domain. This is similar to the technique used by Google and other service providers for proving domain ownership. But hosting providers that offer DNS services can automate much of this process. Those using the ACME v2 endpoint can request up to 300 wildcard certificates per three hours, which allows a hosting provider to handle requests from customers who don’t have shell access to their sites.
Several web hosting providers already support Let’s Encrypt certificate registration, with different limitations. Tumblr, WordPress.com, and a few other blog platforms also directly support the integration of Let’s Encrypt certificates for users with custom domains.