Let's Encrypt profiles
-
Let's encrypt announced profiles recently - https://letsencrypt.org/docs/profiles/ . This has now reached GA - https://letsencrypt.org/2026/01/15/6day-and-ip-general-availability
For example, this allows you to create certs which are short lived (like 6 days).
I added support for this in the code but it's not exposed to end user. Was wondering if anyone has use case for this in Cloudron world. I can't think of any but wanted to check.
-
I read that it has IP support. Does that mean that on my Cloudron with a dashboard at my.example.com, one cert would then cover all other apps on my Cloudron, like nextcloud.example.com, bitwarden.example.com, wordpress.example.com, and even office.go.com, mynostr.com, ghostblog.org and otherservice.ca, rather than every app/domain needing their own cert??
-
I think IP support only means you can get a certificate for an IP. http protocol still requires domain names and certs for each domain for vhost'ing (i.e multiple domains in the same IP) to work.
Also, if you use wildcard certs, there is only shared cert for every domain in cloudron .
-
Let's encrypt announced profiles recently - https://letsencrypt.org/docs/profiles/ . This has now reached GA - https://letsencrypt.org/2026/01/15/6day-and-ip-general-availability
For example, this allows you to create certs which are short lived (like 6 days).
I added support for this in the code but it's not exposed to end user. Was wondering if anyone has use case for this in Cloudron world. I can't think of any but wanted to check.
-
@robi I think cloudron would probably expose these internal apps with a proper cloudron domain and something like the proxy app, which already supports https the usual cloudron way
-
Let's encrypt announced profiles recently - https://letsencrypt.org/docs/profiles/ . This has now reached GA - https://letsencrypt.org/2026/01/15/6day-and-ip-general-availability
For example, this allows you to create certs which are short lived (like 6 days).
I added support for this in the code but it's not exposed to end user. Was wondering if anyone has use case for this in Cloudron world. I can't think of any but wanted to check.
@girish said in Let's Encrypt profiles:
use case
What about issuing a certificate for the IP address during initial setup? Would encrypt the initial admin credentials.
-
@girish said in Let's Encrypt profiles:
use case
What about issuing a certificate for the IP address during initial setup? Would encrypt the initial admin credentials.
@andreasdueren yes, that's on my TODO list but not a priority. I am sure browsers will make it even harder at some point to visit https://ip with self-signed. But we have 1-2 years at least to implement this.
-
Let's encrypt announced profiles recently - https://letsencrypt.org/docs/profiles/ . This has now reached GA - https://letsencrypt.org/2026/01/15/6day-and-ip-general-availability
For example, this allows you to create certs which are short lived (like 6 days).
I added support for this in the code but it's not exposed to end user. Was wondering if anyone has use case for this in Cloudron world. I can't think of any but wanted to check.
@girish This makes a lot of sense for HashiCorp Vault, since it acts as a central trust component and supplies credentials to applications hosted separately. It also fits reasonably well for Uptime Kuma, where servers send heartbeat signals, though that’s a lighter use case. Another strong case is when Cloudron itself is used as the OIDC provider for other applications.
-
My thoughts on profiles:
- Regular app installation = tlsserver (classic as fallback)
- App cloning for rapid testing or a development staging setup = shortlived
