by pytrin 3791 days ago
Does this support wildcard subdomains? If not, would you be willing to add such support?

This uses LetsEncrypt which doesn't support wildcard certificates yet:

> Will Let’s Encrypt issue wildcard certificates?

> We currently have no plans to do so, but it is a possibility in the future. Hopefully wildcards aren’t necessary for the vast majority of our potential subscribers because it should be easy to get and manage certificates for all subdomains.

From https://community.letsencrypt.org/t/frequently-asked-questio...

Unfortunately, that doesn't work with dynamic subdomains (i.e., domains assigned and edited by users). Hopefully they'll change their minds in the future - until then, I'll be paying for a commercial certificate.
You could always script the letsencrypt API and generate a new certificate on each subdomain generation.
That's correct, however there are rather aggressive rate limits in place right now that would make this hard for your typical SaaS-on-a-subdomain deployment if you have more than ~5 new signups per week. Plus, if SAN support is a concern, wildcards are preferable too.
The rate limits[1] I see documented are 500 registrations per 3 hours. That's a lot more than ~5 new signups per week. More like ~16800 new signups per week, no?

[1] https://community.letsencrypt.org/t/rate-limits-for-lets-enc...

Certificates/Domain is the one that would affect this use-case the most. It's set to 5 certificates per domain per week. More specifically, it's certificates per TLD+1, so one certificate for customer1.example.com and one for customer2.example.com would put your rate limit for example.com at 2, thus limiting you to 5 signups per week unless you spread your SaaS over multiple TLD+1's.
5 certs per domain name per week. I'm currently rate limited, I should be able to get my www covered in 6 days.
I almost went down this route, then realized I could avoid all this R&D and just pay $40 for a wildcard cert.
$40? I paid over $90 for mine. Can I ask where you got it from?
https://www.ssl2buy.com/alphassl-wildcard.php

Here's where I got mine, works great.

As mfkp said, that's where I got mine too.

Important though, for compatibility with Firefox and some other browsers, you'll need to copy the intermediate cert to the end of the cert file. It works fine with 2 certs in the file, just put the intermediate at the end.

Having only a half a dozen subdomains, with maybe another half a dozen being added per year (well below the limits), are there any advantages to using a wildcard cert VS individual certs for the subdomains? In other words, any way to justify the extra $30/year for a wildcard cert?
If you're thinking you're going to use LE, there are rate limits which make individual certs for subdomains unreasonable.
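
The Certificates/Domain limit discussed in this thread, as an added example that is not part of the original comments: a sliding-window model of 5 certificates per registered domain per week, showing when a new subdomain's certificate could be issued. The limit value comes from the comments above; the sliding-window interpretation, the naive last-two-labels TLD+1 split, the function names and the sample hostnames are assumptions.

```python
from datetime import datetime, timedelta

LIMIT = 5                   # certificates per registered domain (figure quoted in the thread)
WINDOW = timedelta(days=7)  # "per week", modelled as a sliding window (assumption)

def registered_domain(host):
    """Naive TLD+1: the last two labels. Assumption for the example;
    production code should consult the Public Suffix List (e.g. for co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a fully qualified name: {host!r}")
    return ".".join(labels[-2:])

def next_allowed(history, host, now):
    """Earliest time a certificate for `host` can be issued.
    `history` is a list of (issued_at, hostname) for certificates already issued or queued."""
    domain = registered_domain(host)
    recent = sorted(t for t, h in history
                    if registered_domain(h) == domain and now - t < WINDOW)
    if len(recent) < LIMIT:
        return now
    # Wait until enough of the oldest entries fall out of the window.
    return recent[len(recent) - LIMIT] + WINDOW

def schedule(signups):
    """Process (signup_time, hostname) pairs in time order and return
    (issue_time, hostname) pairs, delaying issuance when the limit is hit."""
    issued = []
    for when, host in sorted(signups):
        issued.append((next_allowed(issued, host, when), host))
    return issued

if __name__ == "__main__":
    start = datetime(2016, 1, 1)  # constructed sample data: one signup per day
    signups = [(start + timedelta(days=i), f"customer{i}.example.com") for i in range(7)]
    for (asked, host), (got, _) in zip(signups, schedule(signups)):
        print(f"{host:24} signed up day {(asked - start).days}, "
              f"certificate day {(got - start).days}")
```

With one signup per day, the sixth and seventh customers wait until days 7 and 8 for their certificates, while names under a different registered domain are unaffected.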