LEND 2.0 is now out and includes domain wildcard support
by Richard Pajerski
Posted on Friday December 28, 2018 at 07:29PM in Technology
[Edit February 2020: the LEND product has been renamed to CertMatica]
Version 2.0 of LEND is now available and comes with domain wildcard certificate support via DNS challenge.
Wildcard certificates are particularly convenient when a single Domino server hosts multiple virtual sites, each of which needs SSL/TLS protection. Managing a separate certificate for each Domino SSL site in this situation is feasible but not very practical, since each one requires its own IP address. A wildcard certificate takes care of that issue and, fortunately, Let's Encrypt began offering wildcard certificates earlier this year. However, as of this blog posting, they're only supported with the DNS-01 challenge type.
The DNS challenge feature was interesting to implement because Let's Encrypt DNS challenges do not offer the same level of automation as HTTP challenges. With the DNS challenge, Let's Encrypt servers query the DNS records held at your hosting provider during the challenge/response phase, instead of your HTTP server (which is queried when using the HTTP challenge). Since there's no industry-standard way to modify DNS records, the challenge must be entered manually at renewal time, typically using your hosting provider's custom web interface. Fortunately, LEND now has a built-in workflow to remind administrators when to do so!
Take LEND for a test ride and let me know what you think.