Let’s Encrypt completes renewed acme protocol and adds wildcard certificates

Let’s Encrypt has announced that the process around wildcard certificates has been completed and that these are now also available. In addition, the organization has renewed its acme protocol, which allows users to obtain a certificate for their website.

Josh Aas of the Internet Security Research Group, who is behind Let’s Encrypt, announced the availability of wildcard certificates in his announcement. These certificates should have been made available earlier, but were postponed. The announcement of the certificates took place in the summer of last year. The addition allows Let’s Encrypt users to use a single certificate for a domain including all subdomains, making it easier to provide an entire domain with https.

In the announcement, Aas writes that the acme protocol has also been renewed in the form of acmev2, which has gone through the IETF standardization process. Only with this version it is possible to use the new wildcard certificates. A second requirement for these certificates is that domain validation takes place on the basis of a dns-01 challenge, which requires an adjustment of the txt record. In addition, a compatible client is required to use the new protocol. There are several options in this area, such as the Certbot recommended by Let’s Encrypt.

Eventually, a full transition to acmev2 should take place, although an end-of-life time has not yet been set for the predecessor. Let’s Encrypt is a service that makes it possible to request free certificates for a domain, in order to enable a secure https connection.

Issued Let’s Encrypt certificates per day, via Let’s Encrypt