I believe Let’s Encrypt only allows wildcard certs for DNS challenges so it’s not really in the scope of Nginx; but I haven’t used other web servers, do they implement that?
Edit: Looked into Caddy, it seems to have a plugin system for DNS providers, that’s pretty slick. I can’t see that ever happening for Nginx they seem very opinionated in wanting to be unopinionated unfortunately. I’m still sad they rejected the PR to implement prefers-color-scheme for default error pages.
You can setup wild card certs with a DNS challenge using traefik. No plug-ins needed, works right out the box.
Personally, I quite prefer traefik. Its harder to use than Caddy but offers more features. Also, it uses yaml or docker labels for config. I’m not a fan of the nginx .conf format.
DNS-01 is in the pipeline at least, so hopefully we’ll see that bring wildcard certs along with it.
It’s nice to see this being integrated into nginx. I’ve been using ACME.sh for around a decade instead. It just triggers through a script on a crontab schedule grabbing a new cert via DNS-01 if necessary, then refreshing nginx to recognize the new file.
No wildcard support sigh
I believe Let’s Encrypt only allows wildcard certs for DNS challenges so it’s not really in the scope of Nginx; but I haven’t used other web servers, do they implement that?
Edit: Looked into Caddy, it seems to have a plugin system for DNS providers, that’s pretty slick. I can’t see that ever happening for Nginx they seem very opinionated in wanting to be unopinionated unfortunately. I’m still sad they rejected the PR to implement
prefers-color-scheme
for default error pages.You can setup wild card certs with a DNS challenge using traefik. No plug-ins needed, works right out the box.
Personally, I quite prefer traefik. Its harder to use than Caddy but offers more features. Also, it uses yaml or docker labels for config. I’m not a fan of the nginx .conf format.
DNS-01 is in the pipeline at least, so hopefully we’ll see that bring wildcard certs along with it.
It’s nice to see this being integrated into nginx. I’ve been using ACME.sh for around a decade instead. It just triggers through a script on a crontab schedule grabbing a new cert via DNS-01 if necessary, then refreshing nginx to recognize the new file.