I have several Cloud Foundry apps running on IBM Cloud. I found that Let's Encrypt offers wildcard certificates. How can I obtain such a certificate and configure it for my IBM Cloud apps?

Note that I can successfully use this bluemix-letsencrypt wrapper for a single app. But I would like to replace that method with a wildcard certificate.

data_henrik

1 Answer

1) Add your custom domain to IBM Cloud, so that the platform knows that you want to use it.
2) Make sure that your domain registrar has a CNAME entry that points to IBM Cloud. See the linked instructions in 1).
3) Use the EFF's certbot tool:

git clone https://github.com/certbot/certbot
cd certbot
# Quote the wildcard name so the shell passes it to certbot unexpanded
./certbot-auto certonly --manual --preferred-challenges dns \
     --server https://acme-v02.api.letsencrypt.org/directory \
     --email email@example.com --domains '*.apps.example.com' --no-bootstrap

4) Once prompted, make the DNS challenge work. That could involve some trial and error with your registrar.
5) When done with certbot, upload the certificate and private key to the IBM Cloud domain management.
6) Check the app route using the custom domain. SSL / https should work now and be secured.

Here is a tutorial on wildcard certificates and IBM Cloud with screenshots and more details.

Note that you can use the IBM Cloud Certificate Manager to handle the SSL / TLS certificates.

data_henrik
  • Official tutorial having similar steps towards the end: https://console.bluemix.net/docs/tutorials/cloud-e2e-security.html#apply-end-to-end-security-to-a-cloud-application – data_henrik Jan 08 '19 at 09:53
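
Before the upload in step 5, the certificate and private key can be checked locally. The script below is an added example, not part of the original answer: it confirms that the key belongs to the certificate, that the certificate is not close to expiry, and that an app hostname is actually covered by the wildcard. It assumes the `openssl` CLI is installed; the script name `precheck.sh` and the function names are hypothetical, and `fullchain.pem` / `privkey.pem` are the file names certbot writes by default.

```shell
#!/bin/sh
# Added example: checks to run on certbot's output before uploading it.
# Requires the openssl CLI; function names here are illustrative.

# Succeeds only if the private key belongs to the certificate's public key.
key_matches_cert() {  # usage: key_matches_cert cert.pem privkey.pem
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate stays valid for at least N more days.
cert_valid_for_days() {  # usage: cert_valid_for_days cert.pem N
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Prints the certificate's DNS subjectAltName entries, one per line.
san_names() {  # usage: san_names cert.pem
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# Succeeds if a SAN covers the host. A wildcard stands for exactly one
# left-most label, so *.apps.example.com does not cover apps.example.com.
cert_covers_host() {  # usage: cert_covers_host cert.pem host
  host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  names=$(san_names "$1" | tr '[:upper:]' '[:lower:]')
  while IFS= read -r name; do
    [ -n "$name" ] && [ "$name" = "$host" ] && return 0
    case $name in
      '*.'*) label=${host%%.*}
             [ -n "$label" ] && [ "$host" = "$label${name#?}" ] && return 0 ;;
    esac
  done <<EOF
$names
EOF
  return 1
}

# Stand-alone use: sh precheck.sh fullchain.pem privkey.pem myapp.apps.example.com
if [ "$#" -eq 3 ]; then
  key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; exit 1; }
  cert_valid_for_days "$1" 30 || { echo "certificate expires within 30 days" >&2; exit 1; }
  cert_covers_host "$1" "$3" || { echo "no SAN covers $3" >&2; exit 1; }
  echo "ok: key matches, more than 30 days left, $3 is covered"
fi
```

If the apex route `apps.example.com` must also be served over HTTPS, it has to be requested as an additional name, because the wildcard entry alone does not cover it.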