'In July of 2017, the nonprofit certificate authority Let's Encrypt
promised to deliver something that would put secure websites and Web
applications within reach of any Internet user: free "wildcard"
certificates to enable secure HTTP connections for entire domains.
Today, Let's Encrypt took that promised service live, in addition to a
new version of the Automated Certificate Management Environment (ACME)
protocol, an interface that can be used by a variety of client
software packages to automate verification of certificate requests.

ACME version 2 "has gone through the IETF standards process," said
Josh Aas, executive director of the Internet Security Research Group
(ISRG), the group behind Let's Encrypt, in a blog post on the release.
ACME v2 is currently a draft Internet Engineering Task Force standard,
so it may not yet be in its final form. But the current version is the
result of significant feedback from the industry. And its use is
required to obtain wildcard certificates.

In addition to the ACME v2 requirement, requests for wildcard
certificates require the modification of a Domain Name Service "TXT"
record to verify control over the domain—a similar method to that used
by Google and other service providers to prove domain ownership. But
much of this can be automated by hosting providers that provide DNS
services. A single Let's Encrypt account can request up to 300
wildcard certificates over a period of three hours, allowing a hosting
provider to handle requests for customers who may not have shell
access to their sites.'

Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174