Dennis · Live

Since CloudFlare can be integrated into the Panel, so you have the API creds, it would be great to be able to choose to obtain the SSL certs via DNS validation rather than HTTP. certbot-dns-cloudflare.readthedocs.io/en/stable/

I have some use cases where, with the exception of some IPs, all requests are redirected to something else. Another case is when the home page redirects to something else, with the exception of a few subdirectories, and it becomes complicated to only allow .well-known.

When migrating or starting new development projects, the origin domain is normally located on another server, with the IP pointing there. It cannot be replaced to get the SSL, so Let's Encrypt accepts the option to get the certificate using CNAME records instead. https://community.letsencrypt.org/t/how-to-issue-ssl-to-client-domain-via-cname-records/128079

This is done using the DNS-01 challenge https://letsencrypt.org/docs/challenge-types/#dns-01-challenge This also allows creating domains when the DNS for the domain is not public yet (using a local hosts file to work on them) and allows zero-downtime migrations.

This also helps with the problem of Cloudflare using grey or orange, as the IP is not important anymore.

It is a basic feature of Let's Encrypt and I hope you can consider it. Thanks
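The DNS-01 flow the request above relies on is small enough to show end to end. The following is an added example, not code from ploi or from the original poster: it computes the `_acme-challenge` TXT record name and value the way RFC 8555 defines them (key authorization = token "." JWK thumbprint, TXT value = base64url(SHA-256(key authorization))), then simulates the validator's lookup, following a CNAME into a separate zone as in the "via CNAME records" setup the post links. The account key, token, domain names and zone contents are all constructed for the example; no real key, DNS or CA is involved.

```python
import base64
import hashlib
import json

# Constructed sample account public key in JWK form (not a real key; the
# values only need to be stable so the thumbprint is reproducible).
SAMPLE_ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "c2FtcGxlLXgtY29vcmRpbmF0ZS1mb3ItdGhlLWV4YW1wbGU",
    "y": "c2FtcGxlLXktY29vcmRpbmF0ZS1mb3ItdGhlLWV4YW1wbGU",
    "use": "sig",  # optional member: RFC 7638 says it is NOT part of the thumbprint
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"  # constructed challenge token

# RFC 7638: thumbprint input is only the required public members, sorted by key.
REQUIRED_MEMBERS = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}


def b64url(data: bytes) -> str:
    """base64url without padding, as used throughout ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    members = REQUIRED_MEMBERS[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    # RFC 8555 section 8.1: token || "." || base64url(thumbprint(accountKey))
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_record(domain: str, token: str, jwk: dict) -> tuple[str, str]:
    """Return (TXT record name, TXT record value) the client must publish."""
    name = f"_acme-challenge.{domain}."
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return name, b64url(digest)


def resolve_txt(zone_data: dict, name: str, max_hops: int = 8) -> list[str]:
    """Minimal stand-in for the CA's resolver: follow CNAMEs, then read TXT."""
    for _ in range(max_hops):
        rrset = zone_data.get(name, {})
        if "CNAME" in rrset:
            name = rrset["CNAME"]
            continue
        return list(rrset.get("TXT", []))
    raise RuntimeError("CNAME chain too long")


def validate_dns01(zone_data: dict, domain: str, token: str, jwk: dict) -> bool:
    """What the CA checks: the expected value is among the TXT records found."""
    name, expected = dns01_record(domain, token, jwk)
    return expected in resolve_txt(zone_data, name)


def build_demo_zone(token: str, jwk: dict) -> dict:
    """Constructed DNS data: the site's A record still points at the old server,
    and the challenge name is delegated by CNAME into a zone the new host controls."""
    _, value = dns01_record("app.example.com", token, jwk)
    return {
        "app.example.com.": {"A": ["192.0.2.10"]},  # old origin, irrelevant to DNS-01
        "_acme-challenge.app.example.com.": {
            "CNAME": "_acme-challenge.app.example.com.acme-dns.example.net.",
        },
        "_acme-challenge.app.example.com.acme-dns.example.net.": {"TXT": [value]},
    }


def demo() -> bool:
    zone = build_demo_zone(SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK)
    name, value = dns01_record("app.example.com", SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK)
    print(f"publish TXT {name} -> {value}")
    return validate_dns01(zone, "app.example.com", SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK)


if __name__ == "__main__":
    print("validated:", demo())
```

The point for the migration case is visible in `build_demo_zone`: the A record for the site never enters the check, so the certificate can be issued while traffic still goes to the old server. In practice certbot-dns-cloudflare publishes and removes that TXT record through the Cloudflare API (the `--dns-cloudflare` and `--dns-cloudflare-credentials` options from the plugin documentation linked above); the credentials file it reads should hold an API token limited to DNS edit rights on the relevant zone and be readable only by the account running certbot, since whoever can write `_acme-challenge` records can obtain certificates for the domain.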

Graffino

Maybe switch to acme.sh? It is much more reliable than certbot and doesn't have any dependencies. It also supports infinite drivers for DNS checks.

no votes yet
Angel · Edited

I think it would be best to use the DNS-01 challenge type from Let's Encrypt. That will work with any DNS. https://letsencrypt.org/docs/challenge-types/#dns-01-challenge I created another request, which is related to this but not exactly a duplicate: https://roadmap.ploi.io/items/173-letsencrypt-ssl-via-cname

no votes yet
Angel

It would be good to be able to manage the redirections and HSTS like other providers do.

no votes yet
Sylvain Simoneau

The latest newsletter from console.dev just mentioned Agnos (https://github.com/krtab/agnos), a binary tool to query certificates from Let's Encrypt using DNS-01 challenges. Not sure if it can help with this feature, but it doesn't hurt to check.

no votes yet
Graffino · Edited

It seems DNS certs are already available when entering a wildcard domain (https://ploi.io/documentation/ssl/how-do-i-request-an-letsencrypt-wildcard-certificate) ... why not make them available for all domains?

1 total vote
Let's Encrypt SSL via certbot-dns-cloudflare

20 total votes
  • Dennis moved item to board Live (1 year ago)
  • Dennis moved item to board In progress (1 year ago)
  • Dennis moved item to board Planned (2 years ago)
  • Dennis moved item to project Site Level Requests (2 years ago)
  • Dennis opened (2 years ago)