Let's Encrypt is a fully automated certification authority. At DNSimple we truly believe in domain and certificate automation, and we've been providing a Let's Encrypt integration for 2 years. In 2018 we announced the ability to use the DNSimple API to request a certificate.

Initially, Let's Encrypt only offered non-wildcard certificates. In March 2018 they released support for wildcard certificates. Since then, this has been one of the most requested features on our customer support channel.

Wildcard certificates allow you to secure an unlimited number of names belonging to a single subdomain level. Wildcards also make certificate management easier, since you don't need to know all the names you want to secure up front. A certificate for *.example.com will cover blog.example.com, shop.example.com, and api.example.com.

    APEX (root) Domain
      ____|____
     /         \
   *.example.com
   |
wildcard

🎉 Starting today you can issue Let's Encrypt wildcard certificates with DNSimple. 🎉

All you need is a DNSimple account with an active subscription to the Professional or Business plan and a domain that is resolving with us.

Please note that wildcard certificates can only be validated via DNS (as per Let's Encrypt protocol design), therefore the domain will need to use DNSimple in order for the certificate to be issued.

How do wildcard certificates work?

Let's Encrypt wildcard certificates work the same as the existing non-wildcard ones.

You can mix any number of wildcard and non-wildcard names in the same certificate (up to 100 names, which is a limit imposed by Let's Encrypt). For example, you can issue a certificate for example.com and *.example.com to cover the root domain and virtually every one-level subdomain of your name.
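To see which hosts a given name list actually secures, here is an added example (not DNSimple's or Let's Encrypt's code) that applies the one-level rule described above to a list of certificate names. The function names and the sample hosts are assumptions made for illustration.

```python
MAX_NAMES = 100  # per-certificate name limit mentioned in this post


def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def name_covers(cert_name, hostname):
    """Return True if a single certificate name covers hostname."""
    pattern, host = _labels(cert_name), _labels(hostname)
    if len(pattern) != len(host):
        # A wildcard stands in for exactly one label, so the depth must match.
        # This is why *.example.com covers neither example.com nor a.b.example.com.
        return False
    if pattern[0] == "*":
        # The wildcard must match a real, non-empty label.
        return host[0] not in ("", "*") and pattern[1:] == host[1:]
    return pattern == host


def covering_names(cert_names, hostname):
    """Return the certificate names that cover hostname (empty list if none)."""
    if len(cert_names) > MAX_NAMES:
        raise ValueError("more than %d names requested" % MAX_NAMES)
    return [n for n in cert_names if name_covers(n, hostname)]


def coverage_report(cert_names, hostnames):
    """Map each hostname to the certificate names that cover it."""
    return {h: covering_names(cert_names, h) for h in hostnames}


if __name__ == "__main__":
    # Constructed sample: the name list from the paragraph above plus test hosts.
    names = ["example.com", "*.example.com"]
    hosts = ["example.com", "blog.example.com", "shop.staging.example.com"]
    for host, matched in coverage_report(names, hosts).items():
        print(host, "->", matched if matched else "NOT COVERED")
```

A host reported as not covered, such as a two-level subdomain, needs its own name or its own wildcard (for example a name at that deeper level) added to the certificate.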

Wildcard certificates are also renewed automatically by DNSimple, exactly like any other Let's Encrypt certificate. We automatically validate and renew your certificate every 60 days, as long as the domain continues to use the DNSimple name servers.

More information is available in our Let's Encrypt and DNSimple support article.

The way to wildcards

At the beginning of 2018, Let's Encrypt launched wildcard support. We immediately knew we wanted to add this feature to our Let's Encrypt implementation. Wildcard certificates were previously only available under the new ACME protocol version 2.

The ACME (Automated Certificate Management Environment) protocol is used (and developed) by Let's Encrypt to automate interactions between certificate authorities and their users' web servers, allowing automated deployment of public key infrastructure at a very low cost. [1]

We upgraded to ACME version 2 in August 2018, but we also wanted to take this chance to make it as easy as possible for you to interact with our certificate interface. We shipped many small improvements over the last few months, including the new names list, because your wildcard certificate can also include multiple names, and even multiple wildcards.

We know our customers hold us to a high standard. That's why we shipped this feature with the same great API documentation, along with support articles to guide you through the process.

If you don't have a DNSimple account yet, we invite you to use our free 30-day trial to get to know us better. Whether you're one of our long-time customers, or you just joined for the free certificates, we hope you enjoy this new feature. If you have any feedback, please get in touch. Learn more about DNSimple and Let's Encrypt certificates.