Support for letsecrypt wildcard certificates

[RealOrangeOne]

https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578

I believe the only changes which need to be made are upgrading the certbot client, and specifying the V2 server.

This is especially useful for the default app feature (unknown subdomain), which means we can finally have a default app over SSL

[pdutourgeerling]

It looks like a lot of work to me. Besides requiring ACME v2, LE also requires the DNS-01 challenge for wildcard certificates.

dokku-letsencrypt currently uses simp_le which doesn’t support the DNS-01 challenge, and ACME v2 yet. They are planning to add support for ACME v2, but not DNS-01. See zenhack/simp_le#101.

If simp_le chooses to support DNS-01 or dokku-letsencrypt decides to use another LE client, it still needs to implement a way to automate DNS-01.

Please correct me if I’m wrong.

[mtzfactory]

It would be nice to have this feature...
;-)

[joshmanders]

@mtzfactory Pull requests are welcome.

[almereyda]

simp_le has implemented ACME v2 with zenhack/simp_le#119. #101 there has since been closed.

Yet the manifest https://github.com/zenhack/simp_le#manifest states in point 3. that only http-01 will be supported. In nginx-proxy/acme-companion#319 (comment) they are considering to switch to acme.sh and implement the dns-01 challange through it.

[dean1012]

This should be done as part of #183 (comment)

If no one sees any issues, this can be closed.

[josegonzalez]

Closed as part of work from @dean1012 in #183.