#2128 adding issuewild
#1820
base: dev
In my opinion we should, before merging, have a setting to declare that all subdomains of a domain will be handled by that same YunoHost server (a fortiori and more technically correct, to declare that the subdomains' certificates will be delivered by Let's Encrypt). I see many use cases on the forum where users use the same main domain for multiple servers, not all running YunoHost.
An option between using a wildcard vs a normal certificate can be a solution. Even if you're using wildcard cert, it is possible to use separate certificates for the main/subdomains separately. CAA records further still allow having more than one CA, if set correctly. An example of this is also available at https://letsencrypt.org/docs/caa/#examples.
Even if you're using multiple servers for the same domain, the certificate will have to be picked up from a specific source. For example, my own domain uses 2 servers. I host my mail services from a second server not using YunoHost, I still use LetsEncrypt there but I have to generate the certificates for In my understanding, #2128 raised by @renne just allows the possibility to have
Don't know what to do with this considering that in its current state, YunoHost cannot request wildcard certs, and yet this means that every diagnosis for every yunohost instance in the wild will "complain" that this DNS record should be set ...
Maybe your point is that you want to be able to get a wildcard cert, but YunoHost's suggestion doesn't stop you from manually adding this record and fetching the wildcard cert ...
I don't know what is supposed to happen here until YunoHost/issues#2089 or YunoHost/issues#1292 becomes a priority either.
The problem
Allow Let's encrypt wildcard subdomain certificates in CAA records #2128
Solution
YunoHost/issues#2128 (comment)
PR Status
...
How to test
...
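
How `issue` and `issuewild` CAA records combine when several CAs and wildcard names are involved, as discussed in the thread above. This is an added example, not code from the PR or from YunoHost; the function names, the zone data and the CA `ca.example.net` are constructed for illustration, and the handling of a set that has only `issuewild` is the reading this example takes from RFC 8659.

```python
# Added example: which CA may issue for a name, given the CAA records in DNS.
# ZONE is constructed sample data: owner name -> list of (tag, value).
ZONE = {
    "example.org": [("issue", "letsencrypt.org")],
    "mail.example.org": [("issue", "letsencrypt.org"), ("issue", "ca.example.net")],
    "nowild.example.org": [("issue", "letsencrypt.org"), ("issuewild", ";")],
    "split.example.org": [("issue", "ca.example.net"), ("issuewild", "letsencrypt.org")],
}

def relevant_rrset(zone, fqdn):
    """Climb from fqdn towards the root and return the first CAA set found."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def issuer_domain(value):
    """Issuer domain of an issue/issuewild value; parameters after ';' are dropped."""
    return value.split(";", 1)[0].strip().lower()

def ca_may_issue(zone, name, ca):
    """True if CAA lets `ca` issue for `name` (which may start with '*.')."""
    wildcard = name.startswith("*.")
    rrset = relevant_rrset(zone, name[2:] if wildcard else name)
    issue = [v for t, v in rrset if t.lower() == "issue"]
    issuewild = [v for t, v in rrset if t.lower() == "issuewild"]
    if not issue and not issuewild:
        return True  # no restricting property: CAA does not restrict issuance
    # issuewild replaces issue for wildcard names and is ignored otherwise.
    # A set with issuewild only therefore authorizes nobody for plain names
    # (the reading this example takes from RFC 8659).
    applicable = issuewild if (wildcard and issuewild) else issue
    return any(issuer_domain(v) == ca.lower() for v in applicable)

if __name__ == "__main__":
    for name in ("example.org", "*.example.org", "*.nowild.example.org",
                 "split.example.org", "*.split.example.org"):
        for ca in ("letsencrypt.org", "ca.example.net"):
            print(f"{name:24} {ca:18} {ca_may_issue(ZONE, name, ca)}")
```

With only an `issue` record, the same CA is already authorized for wildcard names under that domain; `issuewild` is what changes the answer for wildcard requests, either narrowing it (`;`) or handing it to a different CA.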