Stuart D. Gathman wrote:
They verify all the SANs for free certs by reading a cookie from the
website, and that would be impossible for a wildcard. So the SAN list
is really the only way it could be done for that level of verification.
Right, it's hard to automatically verify wildcards, so they don't do it. You
don't want it to end up like the rogue CA that gave somebody a *.github.io
certificate after verifying control of ${NAME}.github.io.
Also, letsencrypt only signs ICANN domains - mainly because they use
the ICANN root to verify the domains. (I.e. they won't help with .bit
domains among others.)
It is of course also necessary to restrict the possible roots if you want to
verify control of the domain name, or I could let it verify
example.com on
my own (hypothetical) rogue .com root. And the easiest way to do that was to
just hardcode the ICANN roots, which are widely recognized as the "official"
ones.
Kevin Kofler