Dennis

Dennis

Planned

Since CloudFlare can be integrated into the Panel so you have the API creds, would be great to choose to obtain the SSL certs via DNS validation rather than HTTP. certbot-dns-cloudflare.readthedocs.io/en/stable/

I have some use cases where with exception for some IPs, all requests are redirected to something else. Another case is when the home page redirects to something else with exception for a few subdirectories and becomes complicated to only allow .well-known.

When migrating or starting new development projects, the origin domain is normally located on another server with the IP pointing there. It cannot be replaced to get the SSL so letsencrypt accept the option to get the certificate using CNAME records instead. https://community.letsencrypt.org/t/how-to-issue-ssl-to-client-domain-via-cname-records/128079

This is done using the dns01-challenge https://letsencrypt.org/docs/challenge-types/#dns-01-challenge This allow to create also domains when DNS for the domain are not public yet (using local hosts file to work on them) and allow to do zero downtime migrations.

This also helps with the problem with cloudflare using grey or orange, as the IP is not important anymore.

It is a basic feature for letsencrypt and I hope you can consider it. Thanks

Graffino

Graffino

·

Maybe switch to acme.sh? It is much more reliable than certbot and doesn't have any dependencies. Also supports infinite drivers for DNS checks.

Angel

Angel

· ·

I think it would be best to use the DNS-01 challenge type from LetsEncrypt. That will work with any DNS. https://letsencrypt.org/docs/challenge-types/#dns-01-challenge I created another request, which is related to this, but not exactly a duplicate: https://roadmap.ploi.io/items/173-letsencrypt-ssl-via-cname

Angel

Angel

·

It could be good to be able to manage the redirections and htst like other providers do.

You may use @ to mention someone.

Let's Encrypt SSL via certbot-dns-cloudflare

11 total votes
  • Dennis moved item to board Planned

    4 months ago
  • Dennis moved item to project Site Level Requests

    4 months ago
  • Dennis opened

    4 months ago