I'm deploying a PHP app in the Swisscom Cloud listening to a wildcard route (*.example.com).
With Let's Encrypt is no problem to secure ssl routes. It's also no problem to create a wildcard route like *.mydomain.com for an app in the Swisscom Cloud.
The Question: Is it possible to create secure wildcard routes using my own wildcard certificate (I think Let's Encrypt does not support wildcards) ? Can this be done with the CLI?
For secure SSL routes, we rely completely on Let's Encrypt - there is no way to bring your own certificate and key. This is also due to security reasons (the key should never leave the machine it was generated on).
Unfortunately, LE does not support wildcard certificates at the moment:
Will Let’s Encrypt issue wildcard certificates?
We currently have no plans to do so, but it is a possibility in the future. Hopefully wildcards aren’t necessary for the vast majority of our potential subscribers because it should be easy to get and manage certificates for all subdomains.
https://community.letsencrypt.org/t/frequently-asked-questions-faq/26
I suggest you create a certificate for each subdomain. If you would like to automate this, you can directly speak to the API: https://api.lyra-836.appcloud.swisscom.com/api-doc/#!/Certification_Processes/put_custom_certifications_create
Edit:
Let’s Encrypt will begin issuing wildcard certificates in January of 2018
https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html