Automatic SSL Certificate Renewal
Keeping our systems secure with SSL certificates is essential. Certificates need to be renewed and there is a service commitment to handle this process. But there is a better way. SSL providers can be set up to automatically renew and deliver an updated SSL certificate to our systems when their expiration time approaches.
This idea is for Innovative to support software-only sites with setting up an automatic SSL renewal process, thereby keeping our systems safe from expiring certificates and making the process worry-free.
Selected for the Sierra 6.7 release by MEEP enhancement process
Martin Boyce
commented
We use Web Access Management in Sierra to provide remote access to some of our digital resources for our members. This requires us to have a wildcard SSL certificate. It would be great if organisations like LetsEncrypt and DigiCert could provide Wildcard SSL certificates via their auto renewal infrastructure.
MEEP candidate for the Sierra 6.7 release
Functional Requirements (what does it need to do?)
● Integration between Sierra and automatic certificate renewal infrastructure established by local sysadmins (for short-term, renewable certificates like LetsEncrypt, DigiCert, etc.) is introduced as:
- A staging location in Sierra where a new or just-renewed SSL certificate may be placed by an external process for subsequent installation and activation
- An API which installs and activates the new or just-renewed SSL certificate in Sierra's production locations, restarting services as necessary, providing confirmation in API response
- An option for Sierra to automatically install and activate certificates as they appear in the staging location, and provide the confirmation result in a user-viewable log, as an alternative to the API call
- Both the API call and the auto-install method support rollback to the previous installed certificate
- Authorized users may review logs of certificate installation activity including public certificate details
MEEP candidate for the Sierra 6.6 release
Functional Requirements (what does it need to do?)
● Integration between Sierra and automatic certificate renewal infrastructure established by local sysadmins (for short-term, renewable certificates like LetsEncrypt, DigiCert, etc.) is introduced as:
- A staging location in Sierra where a new or just-renewed SSL certificate may be placed by an external process for subsequent installation and activation
- An API which installs and activates the new or just-renewed SSL certificate in Sierra's production locations, restarting services as necessary, providing confirmation in API response
- An option for Sierra to automatically install and activate certificates as they appear in the staging location, and provide the confirmation result in a user-viewable log, as an alternative to the API call
- Both the API call and the auto-install method support rollback to the previous installed certificate
- Authorized users may review logs of certificate installation activity including public certificate details
Ray Voelker
commented
The title of this says all you really need to know about why it'll soon be essential to automate the certificate renewal process ...
"SSL/TLS certificate lifespans reduced to 47 days by 2029"
https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/