At FastComet, we’re committed to protecting our customers’ online business, while delivering secure and blazingly fast sites. That’s why we are happy to announce that FastComet has made yet another step forward to that.
First announced back in July 2017, the project dear to our heart, Let’s Encrypt has now made Wildcard certificate support live in the next step to encrypt the Web. Last week, the certificate authority, which offers free SSL and TLS certificates to webmasters, announced that their new ACME2 (Automated Certificate Management Environment) protocol is now live and with it comes the ability for users to get free wildcard certificates.
Let’s Encrypt wildcard certificates and ACMEv2 are available today! More information can be found here: https://t.co/0SdH98Oabn
— Let’s Encrypt (@letsencrypt) March 13, 2018
What is a Wildcard Certificate
A wildcard certificate is a unified SSL certificate that can be used to provide HTTPS for all subdomains on a given domain. For example, if you had a wildcard certificate for the domain *.domain.com, that single certificate could be used for www.domain.com, blog.domain.com, shop.domain.com, and any other subdomains. If the domain owner does not have a wildcard certificate, then they need to get one for each subdomain they operate, which for larger organizations could become a management nightmare.
Why does Wildcard HTTPS matter?
The wildcards act in the same way as traditional TLS certificates but can be used to secure a domain and unlimited sub-domains on a single certificate, making deployment quicker. This can be especially convenient for WordPress Multi-site networks. Up until now, this has been a long-awaited feature as Wildcard domain certificates are much more expensive than regular single host certificates and it also makes managing SSL certs for a domain much easier.
Wildcard certificates can make certificate management easier in some cases, and we want to address those cases in order to help get the Web to 100% HTTPS.
There are many reasons why HTTPS is an important step that many companies are behind, including issues ranging from user privacy to online security, and Google is known to prefer HTTPS in its search rankings. Malignant intruders can exploit users through unprotected resources, and HTTPS protects against tampering between your applications and the user’s browser.
Do you really need Wildcard SSL?
The reality is that the majority of users do not need wildcards. They are useful when:
• You have many (10-100+) subdomains or combinations of subdomains
• You don’t know what subdomains will exist, e.g., when you dynamically give each customer/user their own subdomain, e.g., when you have a subdomain-based multi-site
• You regularly create new subdomains (at least on a monthly basis)
• You are using a wildcard DNS record and need to protect all possible domains using SSL
How to use Let’s Encrypt Wildcard SSL Certificates at FastComet
Due to Let’s Encrypt policy, Wildcard certificates must use DNS-based validation; you will need to update DNS records on your end since the SSL ACME challenge will have to be performed by a record in the DNS zone of the domain.
Additionally, wildcard domains must be validated using the DNS-01 challenge type. This means that you’ll need to modify DNS TXT records in order to demonstrate control over a domain for the purpose of obtaining a wildcard certificate.
This means that your domain must have its DNS hosted with FastComet nameservers because cPanel needs to be able to create TXT records to demonstrate control of your domain. If your domain has its DNS externally hosted, you will be unable to issue Wildcard certificates with FastComet. For example, if your domain is being pointed by nameservers to a remote CDN service (such as Cloudflare) since the same will be controlling its DNS zone.
Scared? Not to worry. Once you ensure that the domain name points to our server correctly go ahead and access the Let’s Encrypt™ SSL cPanel feature. There you should click on the Issue link next to the domain you would like to have the Wildcard enabled for. The next page should be familiar, but there are few things to do here.
Initially, you will notice that the “Include Wildcard*?” column will be unavailable. That is because Wildcard SSL certificates can ONLY be installed with a dns-01 SSL validation method.
So go ahead and select the dns-01 SSL validation method and once that is done simply click on the Include Wildcard checkbox for the domain you would like to have the Wildcard certificate issued for.
Lastly, click on the Issue button, and after a while, your SSL certificate will be installed. Voila!
The certificate itself is valid for three months (as is standard with all ACME certificates), but it will automatically renew itself unless you choose to cancel it through the cPanel interface.