[BlueOnyx:21558] Re: LetsEncrypt coming up with wildcard certificates

[Michael Stauber]

Hi Meaulnes,

> In January 2018, LetsEncrypt plans to introduce wildcard certificates
> <https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html>.
> Is an implementation of those over the BlueOnyx GUI planned?

Yes, we will add that as well once it is out.

> For instance, on my virtual server vs.domain.tld, the admin interface
> has a LetsEncrypt certificate as standard. I installed — see above — a
> 2nd certificate for www.domain.tld. But the mail server, in this case
> mail.domain.tld, doesn't have one. So would a wildcard certificate,
> installed over the GUI, cover all of them? Where should it be installed?

Like Maurice said: The AdmServ certificate is used for SMTP, POP3, IMAP
and (of course) the GUI. So this is a bit tricky, as that cert at this
time only covers the FQDN of the server. However, once the wildcard-cert
comes out, we can wiggle in that it'll do a wildcard for the domain of
the FQDN that's used for the server-name.

The GUI pages for Vsites that deal with LE-certs already let you choose
which email- and webserver aliases you want the cert to be valid for. So
it can already be valid for more than just www.domain.com and domain.com
(for example). I'll add provisions for the wildcard cert to that as well.


-- 
With best regards

Michael Stauber