by Gregordinary 3933 days ago
Not sure if they'll amend their certificate policy or not. My guess is because their process is automated, they want to confine their certificate issuance to specific domains/sub-domains and not wildcards. It mitigates some repercussions in the event of a compromised cert.

Pg. 24 of the Certificate Policy:

For DV-SSL: The Issuer DN of a DV-SSL Certificate shall be its Issuer’s subject DN. CAs shall include FQDNs or IP Addresses of the Device in the subject Alternative Name extension. The Subject Alternative Name extension may contain more than one instance of the name form. CAs may include a FQDN or IP Address in the subject DN for backwards compatibility, but this name shall be also included in the Subject Alternative Name extension. Wildcard names are not permitted.

https://letsencrypt.org/documents/ISRG-CP-May-5-2015.pdf
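The name rules in the clause quoted above, written as a pre-issuance check. This is an added example, not part of the comment or of Let's Encrypt's code; the function name `check_dv_names` and the sample names are assumptions made for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def _is_fqdn(name):
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.match(l) for l in labels)

def check_dv_names(subject_cn, san_entries):
    """Return a list of violations of the quoted DV-SSL clause.

    subject_cn: common name from the subject DN, or None if absent.
    san_entries: dNSName / iPAddress values from the SAN extension.
    """
    problems = []
    if not san_entries:
        problems.append("SAN extension has no FQDN or IP address")
    for name in san_entries:
        if "*" in name:
            problems.append(f"wildcard name not permitted: {name}")
        elif not (_is_ip(name) or _is_fqdn(name)):
            problems.append(f"not an FQDN or IP address: {name}")
    # A name kept in the subject DN for backwards compatibility must be
    # repeated in the SAN (DNS names compare case-insensitively).
    if subject_cn is not None:
        san_lower = {n.lower().rstrip(".") for n in san_entries}
        if subject_cn.lower().rstrip(".") not in san_lower:
            problems.append(f"subject CN missing from SAN: {subject_cn}")
    return problems

# Constructed sample inputs (not taken from real certificates).
SAMPLES = {
    "ok": ("www.example.com", ["www.example.com", "example.com", "192.0.2.10"]),
    "wildcard": ("*.example.com", ["*.example.com"]),
    "cn_not_in_san": ("shop.example.com", ["www.example.com"]),
}

if __name__ == "__main__":
    for label, (cn, san) in SAMPLES.items():
        print(label, check_dv_names(cn, san))
```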