Let’s Encrypt, the certificate authority that provides free digital certificates for site owners, plans to expand its service by also offering wildcard certificates, beginning in January.
The move is designed to enable site owners to secure their main domain, along with as many subdomains as they own, with just one certificate. Normal certificates are tied to a single domain or subdomain, so organizations need a separate one for each individual domain.
“A wildcard certificate can secure any number of subdomains of a base domain (e.g. *.example.com). This allows administrators to use a single certificate and key pair for a domain and all of its subdomains, which can make HTTPS deployment significantly easier,” Josh Aas, executive director of the Internet Security Research Group, the non-profit that runs Let’s Encrypt, said in a post announcing the move.
“Wildcard certificates will be offered free of charge via our upcoming ACME v2 API endpoint. We will initially only support base domain validation via DNS for wildcard certificates, but may explore additional validation options over time.”
Let’s Encrypt began in late 2015 and emerged from the atmosphere of concern in the privacy and security communities that arose in the wake of the revelations by Edward Snowden about the scope of Internet surveillance by the NSA and other intelligence agencies. Several large technology companies started or accelerated plans to encrypt their public infrastructure, and security experts encouraged other organizations to do the same in an effort to protect users from pervasive surveillance.
In the year and a half since the project began, Let’s Encrypt has issued more than 100 million individual certificates and now secures more than 47 million individual domains.
“When Let’s Encrypt’s service first became available, less than 40% of page loads on the Web used HTTPS. It took the Web 20 years to get to that point. In the 19 months since we launched, encrypted page loads have gone up by 18%, to nearly 58%. That’s an incredible rate of change for the Web,” Aas said.