Using the new Let’s Encrypt command creates a certificate like “letsencrypt-autogen_2021-09-03T09:39:38Z”.
Do I need to setup a schedule in order to renew it after 60 days?
The certificate is renamed after each renewal. Can I rename it to something constant, so it’s easier to integrate into the services?
Is there support for creating a wildcard-certificate?
Letsencrypt doesn’t support wildcard certificates, it only supports SAN (Subject Alternative Name), which includes explicitly requested server names … but each of them separately have to pass whichever verification chosen (usually it’s challenge-response exchange over http).
LE has supported wildcard certs for years:
https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578
Using indeed Wildcard for years and you need a verification DNS sever to be able to use it.
“wildcard identifiers must be validated by a DNS-01 challenge”
I stand corrected.
I have my own view on feasibility of using any other than HTTP-01 challenge for most of general public. Which makes procedure to get wildcard certificate impractical to me. In addition there are number of security implications when using wildcard certificates. If one needs certificates for systems not accessible from internet, one can easily issue self-signed certificates …
One big advantage of wildcart certificates is that your hostname is not leaked to the public via certificate transparency.
I once generated a certificate on the synology.me domain, the host was then listed on crt.sh and the number of login attempts from all over the world exploded.
If you create a wildcard domain you can at least use it to protect host.domain.tld without exposing the hostname via cert. transparency.
I think that the word “synology” was the trigger for the many login attempts.