Let’s Encrypt, the non-profit certificate authority, has announced that wildcard certificates and ACMEv2 are now supported. With this announcement, Let’s Encrypt takes another step toward making HTTPS adoption easier and the web a more secure place.
Wildcard certificates work the same way as ordinary TLS certificates, but let a single certificate cover every host one level below a domain. For example, for the domain ‘domain.cxm’, a wildcard certificate for ‘*.domain.cxm’ secures ‘blog.domain.cxm’, ‘login.domain.cxm’, ‘newsroom.domain.cxm’, and so on. Two limits are worth knowing before relying on one: the wildcard matches exactly one label, so ‘*.domain.cxm’ covers neither ‘domain.cxm’ itself (it must be added to the certificate as a separate name) nor deeper names such as ‘a.b.domain.cxm’; and every host that serves the certificate holds the same private key, so a compromise of one host exposes all of them.
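The one-label rule is where wildcard deployments most often go wrong, so here is the matching logic a TLS client applies, as an added example that is not part of the original article or of any Let’s Encrypt code. It follows the hostname-matching rules browsers use (RFC 6125 §6.4.3) as tightened by the CA/Browser Forum and Let’s Encrypt, which only issue wildcards where ‘*’ is the entire leftmost label; the refusal of ‘*.cxm’-style names is a simplification (a real check consults the Public Suffix List) and the domain names are constructed sample input:

```python
import re

# One DNS hostname label: letters, digits and interior hyphens only.
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def _normalize(name: str) -> str:
    # DNS names compare case-insensitively; a trailing dot is the same name.
    return name.lower().rstrip(".")


def _valid_labels(labels) -> bool:
    return all(_LABEL.match(label) for label in labels)


def name_covers(cert_name: str, hostname: str) -> bool:
    """Does one name listed on a certificate cover this hostname?

    The only wildcard form accepted is '*' as the whole leftmost label, and it
    matches exactly one label: '*.domain.cxm' covers 'blog.domain.cxm' but not
    'domain.cxm' (no label to match) or 'a.b.domain.cxm' (two labels).
    """
    cert_name, hostname = _normalize(cert_name), _normalize(hostname)
    host_labels = hostname.split(".")
    if not _valid_labels(host_labels):
        return False
    if "*" not in cert_name:
        return cert_name == hostname
    if not cert_name.startswith("*.") or "*" in cert_name[2:]:
        return False  # 'f*.domain.cxm' or '*.*.domain.cxm' are never issued
    base_labels = cert_name[2:].split(".")
    if len(base_labels) < 2 or not _valid_labels(base_labels):
        return False  # simplified stand-in for a public-suffix check
    # Exactly one extra label in front of the base name, and the base must match.
    return len(host_labels) == len(base_labels) + 1 and host_labels[1:] == base_labels


def certificate_covers(san_names, hostname: str) -> bool:
    """A certificate covers a hostname if any of its subject alternative names does."""
    return any(name_covers(name, hostname) for name in san_names)


if __name__ == "__main__":
    # Constructed example: a certificate carrying both the bare domain and the wildcard.
    cert = ["domain.cxm", "*.domain.cxm"]
    for host in ["domain.cxm", "login.domain.cxm", "a.login.domain.cxm"]:
        print(f"{host:22} covered={certificate_covers(cert, host)}")
```

The last case in the demo is the one that surprises people: a second-level name such as ‘a.login.domain.cxm’ needs its own certificate or a separate ‘*.login.domain.cxm’ wildcard.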
“Wildcard certificates can make certificate management easier in some cases, and we want to address those cases in order to help get the Web to 100% HTTPS. We still recommend non-wildcard certificates for most use cases,” wrote Josh Aas, ISRG Executive Director, on the Let’s Encrypt blog.
Currently, there are more than 53 million active Let’s Encrypt certificates on the web.
Let’s Encrypt has also launched version 2 of the ACME (Automatic Certificate Management Environment) protocol. ACME is the protocol that automates the exchanges between a certificate authority and its subscribers’ servers (proving control of a name, then requesting, renewing and revoking certificates), which is what makes automated certificate deployment possible at very low cost.
ACMEv2 streamlines the authorization/issuance flow: instead of authorizing each name on its own and then requesting a certificate, the client submits an order listing all the names it wants, completes the challenges the CA returns for that order, and finalizes it with a CSR. The request format changes as well. In ACMEv1 the endpoint being addressed was named in a ‘resource’ field inside the signed payload; in ACMEv2 that field is gone and the request’s target URL is carried in a new protected header of the JWS (JSON Web Signature), so the signature covers the URL and a signed request cannot be replayed against a different endpoint. Directory endpoints and the URL field in challenge resources have been renamed to match.
Account creation and agreement to the terms of service, two separate requests in v1, are now a single step. ACMEv2 aims to make the management of certificates easier.
Sites that want a wildcard certificate must use ACMEv2, which means running an ACME client that supports it. Let’s Encrypt has not retired ACMEv1 yet, since a large number of subscribers still use it.
A wildcard request can only be validated with the DNS-01 challenge: the requester proves control of the domain by publishing a DNS (Domain Name System) TXT record under the ‘_acme-challenge’ name that holds the value the CA expects. The HTTP-01 challenge, which serves a file from the web server, is not accepted for wildcard names. Because the record must be updated for every issuance and renewal, the ACME client needs automated access to the DNS provider’s API.
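To make the two protocol details above concrete (the DNS-01 TXT record a wildcard needs, and the ‘resource’ field giving way to a ‘url’ header), here is an added example, written for this article and not taken from Let’s Encrypt or any ACME client. It derives the TXT record name and value from a challenge token and the account key exactly as RFC 8555 §8.4 and RFC 7638 specify, and builds the unsigned header/payload pair of a v1 and a v2 request side by side. The account key is a constructed placeholder (a made-up modulus, not a real key), and the token, nonce, contact address and ‘acme.example’ URLs are assumed sample values; signing the request is left to the account’s private key, which is not needed to compute the DNS record:

```python
import base64
import hashlib
import json
from typing import Optional


def b64url(data: bytes) -> str:
    """base64url without '=' padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


# Constructed stand-in for an ACME account's public key. The modulus is a
# placeholder number, not a real key; only the public JWK is needed below.
SAMPLE_ACCOUNT_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": b64url(((1 << 2047) | 12345).to_bytes(256, "big")),
}

# RFC 7638: the thumbprint hashes only the required public members.
_THUMBPRINT_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the required members, keys sorted, no whitespace (RFC 7638)."""
    try:
        members = _THUMBPRINT_MEMBERS[jwk["kty"]]
    except KeyError as exc:
        raise ValueError(f"unsupported key type {jwk.get('kty')!r}") from exc
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 §8.1: 'token.thumbprint' binds the challenge to this account key."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def dns01_record_name(identifier: str) -> str:
    """Where the TXT record goes. A wildcard '*.domain.cxm' is validated at its
    base name, so the record is published at _acme-challenge.domain.cxm."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base}"


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """RFC 8555 §8.4: the record holds base64url(SHA-256(key authorization)),
    not the key authorization itself."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return b64url(digest)


def v1_request(resource: str, payload: dict, nonce: str, jwk: dict):
    """ACMEv1 shape: the target is named by a 'resource' field in the signed
    payload; the protected header carries only alg, nonce and the account key."""
    protected = {"alg": "RS256", "nonce": nonce, "jwk": jwk}
    return protected, {"resource": resource, **payload}


def v2_request(url: str, payload: dict, nonce: str,
               kid: Optional[str] = None, jwk: Optional[dict] = None):
    """ACMEv2 shape (RFC 8555 §6.2): the target URL is a protected header, so it
    is covered by the signature. The inline 'jwk' is used only for newAccount;
    every later request identifies the account by its URL in 'kid' instead."""
    if (kid is None) == (jwk is None):
        raise ValueError("exactly one of kid or jwk must be given")
    protected = {"alg": "RS256", "nonce": nonce, "url": url}
    if kid is not None:
        protected["kid"] = kid
    else:
        protected["jwk"] = jwk
    return protected, payload


if __name__ == "__main__":
    token = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"  # constructed sample token
    name, value = dns01_record_name("*.domain.cxm"), dns01_txt_value(token, SAMPLE_ACCOUNT_JWK)
    print(f'{name}. IN TXT "{value}"')
    # v2 creates the account and accepts the ToS in one request.
    hdr, body = v2_request("https://acme.example/newAccount",
                           {"termsOfServiceAgreed": True, "contact": ["mailto:admin@domain.cxm"]},
                           "sample-nonce", jwk=SAMPLE_ACCOUNT_JWK)
    print(json.dumps({"protected": {k: v for k, v in hdr.items() if k != "jwk"}, "payload": body}))
```

Note that the TXT value is a hash of the key authorization rather than the key authorization itself, so publishing the record does not disclose the account key thumbprint to anyone who queries the zone, and that the record name for ‘*.domain.cxm’ is the same as for ‘domain.cxm’: a client requesting both names in one order must be able to publish two TXT records under the same name at once.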