top | item 11003233

(no title)

pytrin | 10 years ago

Unfortunately, that doesn't work with dynamic subdomains (i.e, domains assigned and edited by users). Hopefully they'll change their minds in the future - until then, I'll be paying for a commercial certificate

discuss

dyladan|10 years ago

You could always script the letsencrypt API and generate a new certificate on each subdomain generation.

pfg|10 years ago

That's correct, however there are rather aggressive rate limits in place right now that would make this hard for your typical SaaS-on-a-subdomain deployment if you have more than ~5 new signups per week. Plus, if SAN support is a concern, wildcards are preferable too.

novaleaf|10 years ago

i almost went down this route, then realized I could avoid all this R&D and just pay $40 for a wildcard cert.