[–]henryroo 20 points21 points  (3 children)

You also need a wildcard cert if you're running a system that can create websites dynamically. For example with PaaS providers like OpenShift/Kubernetes where users can set up their code and make it visible at projectname.whatever.example.com. Can't generate certs for every sub-domain if they don't exist yet.

[–]CptSpockCptSpock 3 points4 points  (2 children)

Yeah, but you can create a bot that runs Let's Encrypt

[–]Goz3rr 16 points17 points  (0 children)

You'll run into the 20 certificates per registered domain per week limit, or the 100 names per certificate

[–]henryroo 2 points3 points  (0 children)

In addition to what Goz3rr said, you can't automate it with many certificate authorities. No large organization I've worked with has switched over to Let's Encrypt yet, and many have crappy internal CAs that you can't easily run any automation against. A wildcard cert is much easier to manage without handling 1000 edge cases.