The EFF's 'Let's Encrypt' Plans Wildcard Certificates For Subdomains

Long-time Slashdot reader jawtheshark shares an announcement from the EFF's free, automated, and open TLS certificate authority at LetsEncrypt.org: Let's Encrypt will begin issuing [free] wildcard certificates in January of 2018... A wildcard certificate can secure any number of subdomains of a base domain (e.g. *.example.com). This allows administrators to use a single certificate and key pair for a domain and all of its subdomains, which can make HTTPS deployment significantly easier.
58% of web traffic is now encrypted, Let's Encrypt reports, crediting in part the 47 million domains they've secured since December of 2015. "Our hope is that offering wildcards will help to accelerate the Web's progress towards 100% HTTPS," explains their web page, noting that they're announcing the wild card certificates now in conjunction with a request for donations to support their work.

Re:90 day certificates

[bill_mcgonigle]

Letsencrypt will continue to lack any credibility until they abandon this retarded policy.

Dude, you are lacking credibility here if you don't understand why long-lived certs are a problem for security. For small businesses, the main reason not to do a short cert, given letsencrypt's cron jobs, is for a wildcard cert, which is expensive, and now that is being solved. For personal websites, wildcards are generally not used. Enterprises have the option of syncing their client and server certs, for authentication purposes, or buying a long-lived cert.

FYI, Google can afford whatever it wants and has been using 90-day certs for a while too. You should write to them and tell them they lack credibility on Internet security. :P