I think the impact is huge. For a small fish like me who is managing websites close to high 2 digits in number, it is saving us over $500/Year already. Not to mention how easy it is depending on the OS and tools [0] that you can use. On that note, we just donated to LetsEncrypt. Thank you for what you do.

[0] https://certbot.eff.org/

[1] https://features.cpanel.net/topic/provide-support-for-lets-e...

Installing Let's Encrypt on CentOS was a pain because the auto command didn't work, I found this really useful cpanel plugin that automated it though https://github.com/Prajithp/letsencrypt-cpanel

Once it actually is easier to generate/install certificates it'll hopefully see wider adoption.

why a 3rd party plugin ? Cpanel released an official plugin already about a month ago. See this:

https://features.cpanel.net/topic/provide-support-for-lets-e...

I must have missed that, thanks!

You exaggerating a lot in this article. If anyone will get access to your servers then you have a lot bigger problem than him having your ssl certificate. Point number two is that a lot of companies can't use Let's Encrypt because of agreements signed with payment processors, government agencies etc.

I'm not exaggerating.

Development servers are absolutely not held to the same levels of scrutiny as our payment card processing servers.

Not using letsencrypt due to other regulation is perfectly valid- but using wildcard certificates has a strong potential to cause more harm than simply using another SSL provider.

The solution that we use for this is to have a separate domain for dev with its own wildcard certificate, like company-dev.net.

That's a great solution. Avoiding wildcard certs seems like a poor way to deal with the issue...

Why couldn't you instead have a deployment process that includes calling certbot automatically for the new domain then? Since the domain is likely ICANN registered right.

EDIT: it's common courtesy to explain why you downvote a post, as it stands I'm going to make the assumption the downvoters are simply too lazy to do things properly.

I didn't downvote you, but there are different reasons why you would like to use a wildcard certificate and even if those reasons are not aligned with your goals they shouldn't be dismissed.

I know two, at least. For a small communitary school in my city, teachers and students keep blogs in a wordpress multi user server, for storing data or doing webdev examples. They have a subdomain setup and cannot use ssl as the domain name will always be unknown by the person who creates the blog and the wildcard is too expensive for something they do in their free time.

Sandstorm uses unknown subdomains as a way to avoid possible security issues https://docs.sandstorm.io/en/latest/administering/wildcard/#...

I'm sure your points are valid, but you cannot define the thread model of others so easy. And don't get mad by downvotes, upvoting or downvoting is pretty boring