Updated Wildcard Cert information #33

Open: wants to merge 3 commits into base: master
6 changes: 5 additions & 1 deletion README.md
Expand Up @@ -3,11 +3,15 @@ This is a portable version of the source code running on https://xsshunter.com.

**If you don't want to set up this software and would rather just start testing, see https://xsshunter.com .**

# Preqrequisites
Requires pyyaml to run. This can be installed with the following command:
pip install pyyaml

# Requirements
* A server running (preferably) Ubuntu.
* A [Mailgun](http://www.mailgun.com/) account, for sending out XSS payload fire emails.
* A domain name, preferably something short to keep payload sizes down. Here is a good website for finding two letter domain names: [https://catechgory.com/](https://catechgory.com/). My domain is [xss.ht](xss.ht) for example.
* A wildcard SSL certificate, [here's a cheap one](https://www.namecheap.com/security/ssl-certificates/wildcard.aspx). This is required because XSS Hunter identifies users based off of their sub-domains and they all need to be SSL-enabled. We can't use Let's Encrypt because [they don't support wildcard certificates](https://community.letsencrypt.org/t/frequently-asked-questions-faq/26). I'm going to hold off on insulting the CA business model, but rest assured it's very silly and costs them very little to mint you a wildcard certificate so go with the cheapest provider you can find (as long as it's supported in all browsers).
* A wildcard SSL certificate - this is now supported by [Let's Encrypt](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) and information for setup can be found [here](https://medium.com/@saurabh6790/generate-wildcard-ssl-certificate-using-lets-encrypt-certbot-273e432794d7).

# Setup
Please see https://thehackerblog.com/xss-hunter-is-now-open-source-heres-how-to-set-it-up/ for information on how to set up XSS Hunter on your own server.
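Review bot: the added `# Preqrequisites` heading has a typo (should read `# Prerequisites`), and the bare `pip install pyyaml` line beneath it should sit in a fenced code block so it renders as a command instead of running into the sentence above it. The replacement wildcard-certificate bullet also drops the rationale the deleted line carried (XSS Hunter identifies users by their sub-domains, so every sub-domain must be served over SSL); keep that sentence in the new bullet, since it tells an operator why a single-host certificate will not work here. Lastly, the setup link points at a third-party Medium post; consider pointing at Let's Encrypt's own documentation for wildcard issuance so the README does not go stale when that post does.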