From 3419e609ea9982bf49b92d9678293abc418a526a Mon Sep 17 00:00:00 2001
From: Stoiko Ivanov <s.ivanov@proxmox.com>
Date: Thu, 15 Apr 2021 21:46:22 +0200
Subject: [PATCH] certs: add wildcard certificate support

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 pmg-ssl-certificate.adoc | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/pmg-ssl-certificate.adoc b/pmg-ssl-certificate.adoc
index 6cd44b1..64a2521 100644
--- a/pmg-ssl-certificate.adoc
+++ b/pmg-ssl-certificate.adoc
@@ -187,6 +187,18 @@ and set the `alias` property in the {pmg} node configuration file
 `/etc/pmg/node.conf` to `domain2.example` to allow the DNS server of
 `domain2.example` to validate all challenges for `domain1.example`.
 
+[[sysadmin_certs_acme_dns_wildcard]]
+Wildcard Certificates
+^^^^^^^^^^^^^^^^^^^^^
+
+Wildcard DNS names start with a `*.` prefix and are considered valid for all
+(one-level) subdomain names of the verified domain. So a certificate for
+`*.domain.example` is valid for example for `foo.domain.example` and
+`bar.domain.example`, but not for `baz.foo.domain.example`.
+
+You can currently create wildcard certificates only with the
+https://letsencrypt.org/docs/challenge-types/#dns-01-challenge[DNS challenge type].
+
 
 Combination of Plugins
 ^^^^^^^^^^^^^^^^^^^^^^
-- 
2.39.2