Hacker News
by MCRed 3768 days ago
Does anyone know where one can get a free wildcard certificate? Need it for development and foo/bar/baz/biff.example.com change names regularly (they include the hash of the code commit) so I would like to get a *.dev.example.com wildcard cert. (one that won't give warnings that scare the business types who are testing the code, and won't understand what self-signed means.)
6 comments

If it's just for local development, you can make a self-signed certificate and add it as trusted to your browser(s).
To anyone wondering, this is also what the "big boys" do, so don't feel like this is a hack. Most big companies have their own company root CA, and install that cert on their company computers. They then have all internal apps use a cert signed with that root CA (or derivative thereof).
And that's how the CA system is actually supposed to work. You add to the trust store those entities you trust rather than those that are trusted by the browser makers...
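The private-root-CA approach from the comments above, as an added example that is not part of the original thread: it creates a development root CA and signs a wildcard certificate for `*.dev.example.com`, then checks which hostnames the wildcard covers. The file names, CA name, key size, lifetimes and the `3f9c2ab` commit-hash label are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: private dev root CA plus a wildcard leaf for *.dev.example.com.
# File names, CA name, key size and lifetimes are assumptions for illustration.

make_dev_pki() {  # $1 = output directory
    d=$1
    mkdir -p "$d" && chmod 700 "$d" || return 1
    cat > "$d/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:*.dev.example.com
EOF
    # Root CA: only ca.pem is imported into trust stores; ca.key must stay private.
    openssl req -x509 -config "$d/openssl.cnf" -extensions v3_ca \
        -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=Example Dev Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Leaf key and CSR for the dev web server.
    openssl req -new -config "$d/openssl.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=*.dev.example.com" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    # Sign the CSR; browsers match on subjectAltName, so it must be in the leaf.
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -sha256 -days 90 \
        -extfile "$d/openssl.cnf" -extensions v3_leaf \
        -out "$d/leaf.pem" 2>/dev/null || return 1
}

host_matches() {  # $1 = certificate file, $2 = hostname
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

out=$(mktemp -d) && make_dev_pki "$out" || exit 1
openssl verify -CAfile "$out/ca.pem" "$out/leaf.pem"
# 3f9c2ab is a constructed commit-hash label.
for h in 3f9c2ab.dev.example.com api.3f9c2ab.dev.example.com dev.example.com; do
    if host_matches "$out/leaf.pem" "$h"; then echo "covered:     $h"
    else echo "NOT covered: $h"; fi
done
```

The wildcard matches exactly one DNS label, so per-commit names must sit directly under `dev.example.com`. Anyone holding `ca.key` can mint certificates that every machine trusting `ca.pem` will accept, so the key needs the same protection as any other signing secret.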
I've been thinking about grabbing the last release of ngrok and some internal setup of Let's Encrypt or just wildcard to run something like that.
CloudFlare does that. You could run a self-signed certificate on your server, relying on the wildcard certificate CloudFlare generated to do its proxying of your domain.
Amazon Certificate Manager seems to do this, but it's only available in one region right now.
Other than Amazon Certificate Manager as moatra mentions (which I don't think lets you export the certificate), I don't think there is currently an option for free wildcard certificates.

As an alternative you could incorporate provisioning of a Let's Encrypt certificate for the new subdomain into your deployment process since the process is designed to be automated.

Current rate limiting wouldn't really make it possible, unfortunately.
Not if you have more than five subdomains, you have to wait for a week, like me.
... if you need a different certificate for each subdomain. You are limited to 5 certificates per domain per week, each of which can be valid for many subdomains. Bad if you want to be able to add them dynamically every time a new name comes up, but if it is a static set...
I used SubjectAltNames on my setup. One domain/one cert, though I only did 2 subdomains.
You could automate getting Let's Encrypt certificates, so it can automatically generate a certificate for each domain.
You will run into rate and other kinds of limits if you issue many names for a single TLD+1 name. Constantly ran into this while developing a plugin for cPanel.
You can get sub-€100/year wildcard certs on gandi.net (free the first year for their own domains I think?), which shouldn't be a problem for a business expense.