Let’s Encrypt开放申请免费通配符 SSL 证书/野卡

由于野卡验证只支持 dns 验证, 不支持 http 验证. 所以请使用 dns api 模式.

acme.sh --issue -d exmaple.com -d *.example.com --dns dns_cf 

acme.sh 支持了 40 多种 dns api 的原生集成, 满足大部分需求:


如果以上没有你要的, 可以尝试 dns alias 模式:


Let’s Encrypt官方详情:https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579

Let’s Encrypt开放申请免费通配符 SSL 证书/野卡

Let’s Encrypt免费通配符SSL证书官方原文:

We’re pleased to announce that ACMEv2 and wildcard certificate support is live! With today’s new features we’re continuing to break down barriers for HTTPS adoption across the Web by making it even easier for every website to get and manage certificates.

ACMEv21.8k is an updated version of our ACME protocol which has gone through the IETF standards process, taking into account feedback from industry experts and other organizations that might want to use the ACME protocol for certificate issuance and management some day.

Wildcard certificates2.1k allow you to secure all subdomains of a domain with a single certificate. Wildcard certificates can make certificate management easier in some cases, and we want to address those cases in order to help get the Web to 100% HTTPS. We still recommend non-wildcard certificates for most use cases.

Wildcard certificates are only available via ACMEv2. In order to use ACMEv2 for wildcard or non-wildcard certificates you’ll need a client that has been updated to support ACMEv23.9k. It is our intent to transition all clients and subscribers to ACMEv2, though we have not set an end-of-life date for our ACMEv1 API yet.

Additionally, wildcard domains must be validated using the DNS-01 challenge type. This means that you’ll need to modify DNS TXT records in order to demonstrate control over a domain for the purpose of obtaining a wildcard certificate.

For more technical information about ACMEv2 and wildcard certificates, see this post4.1k.

We’re excited about the prospect of a 100% HTTPS Web and we’re working hard to get there. As a non-profit organization, we need strong support from our community so please consider getting involved167, making a donation183, or sponsoring115 Let’s Encrypt.

Let’s Encrypt免费通配符SSL证书译文:



通配符证书2.1k允许您使用单个证书保护域的所有子域。通配符证书在某些情况下可以使证书管理变得更容易,我们希望处理这些情况,以帮助将Web应用到100% HTTPS。我们仍然推荐大多数用例的非通配符证书。

通配符证书只能通过ACMEv2获得。为了使用ACMEv2作为通配符或非通配符证书,您需要一个已更新的客户端来支持ACMEv23.9k。虽然我们还没有为ACMEv1 API设置一个生命结束日期,但我们的意图是将所有客户端和订阅者转换到ACMEv2。

此外,必须使用DNS-01挑战类型验证通配符域。这意味着您需要修改DNS TXT记录,以显示对域的控制,以便获得通配符证书。


我们对100% HTTPS网络的前景感到兴奋,我们正在努力实现这一目标。作为一个非盈利性组织,我们需要来自我们社区的大力支持,所以请考虑加入到167,做一个donation183,或赞助115让我们加密。



  • 暂无文章

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址