我们很高兴地宣布ACMEv2和通配符证书的支持是现场的!通过今天的新功能,我们将继续打破跨网站采用HTTPS的障碍,让每个网站都可以更轻松地获取和管理证书。
ACMEv2 1.2k是我们的ACME协议的更新版本,它已通过IETF标准流程,同时考虑到行业专家和其他组织可能希望在某天使用ACME协议进行证书颁发和管理的反馈意见。
通配符证书1.5k允许您使用单个证书来保护域的所有子域。在某些情况下,通配符证书可以使证书管理更容易,我们希望解决这些情况,以帮助使Web达到100%HTTPS。对于大多数使用情况,我们仍然推荐使用非通配符证书。
通配符证书只能通过ACMEv2获得。为了将ACMEv2用于通配符或非通配符证书,您需要已更新以支持ACMEv2 2.9k的客户端。我们的意图是将所有客户和订户转换为ACMEv2,尽管我们还没有为我们的ACMEv1 API设置报废日期。
另外,通配符域必须使用DNS-01质询类型进行验证。这意味着您需要修改DNS TXT记录才能演示对域的控制以获得通配符证书。
有关ACMEv2和通配符证书的更多技术信息,请参阅此文章3.1k。
我们对100%HTTPS Web的前景感到非常兴奋,我们正在努力实现这一目标。作为一个非营利组织,我们需要社区的大力支持,所以请考虑参与110,捐赠141或赞助93 Let’s Encrypt。
原文:
We’re pleased to announce that ACMEv2 and wildcard certificate support is live! With today’s new features we’re continuing to break down barriers for HTTPS adoption across the Web by making it even easier for every website to get and manage certificates.
ACMEv21.2k is an updated version of our ACME protocol which has gone through the IETF standards process, taking into account feedback from industry experts and other organizations that might want to use the ACME protocol for certificate issuance and management some day.
Wildcard certificates1.5k allow you to secure all subdomains of a domain with a single certificate. Wildcard certificates can make certificate management easier in some cases, and we want to address those cases in order to help get the Web to 100% HTTPS. We still recommend non-wildcard certificates for most use cases.
Wildcard certificates are only available via ACMEv2. In order to use ACMEv2 for wildcard or non-wildcard certificates you’ll need a client that has been updated to support ACMEv22.9k. It is our intent to transition all clients and subscribers to ACMEv2, though we have not set an end-of-life date for our ACMEv1 API yet.
Additionally, wildcard domains must be validated using the DNS-01 challenge type. This means that you’ll need to modify DNS TXT records in order to demonstrate control over a domain for the purpose of obtaining a wildcard certificate.
For more technical information about ACMEv2 and wildcard certificates, see this post3.1k.
We’re excited about the prospect of a 100% HTTPS Web and we’re working hard to get there. As a non-profit organization, we need strong support from our community so please consider getting involved110, making a donation141, or sponsoring93 Let’s Encrypt.
地址:https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579