Wildcard DNS & Let's Encrypt Prod certs - are subdomains publicly exposed?
-
I'm preparing all my domains to use Wildcard DNS instead of DigitalOcean/Manual because I intend on switching to Contabo soon. I'm interested in hiding the subdomains from being listed, as mentioned in this CR doc. I can't use "Wildcard DNS + Let's Encrypt Prod - Wildcard" because CR says:
"Wildcard cert requires a programmable DNS backend"
However, I can use "Wildcard DNS + Let's Encrypt Prod". Am I out of luck in hiding my subdomains from the "certificate transparency log"?
@humptydumpty That's right. No way to get wildcard certs with wildcard DNS.
To get a wildcard certificate, one needs to be able to program/automate the DNS. The Let's Encrypt (ACME) protocol requires one to programmatically set up TXT entries as part of getting the certificate. With wildcard DNS, we have no way to automatically set up those entries.
The protocol for normal certificates has an "http" based flow which allows it to work with a single wildcard entry.
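To make the difference between the two ACME challenge types concrete, here is an added example (not code from the forum post or from Cloudron) that derives the challenge responses the way RFC 8555 specifies them: the key authorization is `token.thumbprint`, HTTP-01 serves it at `/.well-known/acme-challenge/<token>` on the host itself, and DNS-01 needs a TXT record at `_acme-challenge.<domain>` holding the base64url SHA-256 of that string. The domain names, the account key (a constructed `oct` JWK) and the tokens are assumptions made up for the demonstration; a real CA issues a fresh random token per authorization, which is exactly why a static TXT record under wildcard DNS can never satisfy DNS-01, while a wildcard A record is enough for HTTP-01.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: hash only the required members, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y"), "oct": ("k", "kty")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, thumbprint: str) -> str:
    """RFC 8555 section 8.1: keyAuthorization = token || '.' || thumbprint."""
    return f"{token}.{thumbprint}"


def http01_challenge(domain: str, token: str, thumbprint: str) -> dict:
    """Where the CA fetches, and what the web server must return (section 8.3)."""
    return {
        "url": f"http://{domain}/.well-known/acme-challenge/{token}",
        "body": key_authorization(token, thumbprint),
    }


def dns01_challenge(domain: str, token: str, thumbprint: str) -> dict:
    """TXT record name and value the CA looks up (section 8.4).

    For a wildcard name the record lives at the base domain."""
    base = domain[2:] if domain.startswith("*.") else domain
    digest = hashlib.sha256(key_authorization(token, thumbprint).encode("ascii")).digest()
    return {"name": f"_acme-challenge.{base}", "value": b64url(digest)}


def validate_dns01(txt_records: dict, domain: str, token: str, thumbprint: str) -> bool:
    """Simulated CA check: is the expected value among the TXT records at the name?"""
    expected = dns01_challenge(domain, token, thumbprint)
    return expected["value"] in txt_records.get(expected["name"], set())


def validate_http01(served: dict, domain: str, token: str, thumbprint: str) -> bool:
    """Simulated CA check: does the host serve the key authorization at the token path?"""
    expected = http01_challenge(domain, token, thumbprint)
    return served.get(expected["url"]) == expected["body"]


# Constructed account key and tokens; a real CA generates a new random token per order.
ACCOUNT_JWK = {"kty": "oct", "k": "c2VjcmV0"}
THUMBPRINT = jwk_thumbprint(ACCOUNT_JWK)
TOKEN_FIRST_ORDER = "tokenA-constructed"
TOKEN_SECOND_ORDER = "tokenB-constructed"


def dns01_static_record_fails() -> bool:
    """Publish the TXT value from one order; it does not satisfy the next order's token."""
    first = dns01_challenge("*.example.com", TOKEN_FIRST_ORDER, THUMBPRINT)
    zone = {first["name"]: {first["value"]}}  # record left behind in a non-programmable zone
    first_ok = validate_dns01(zone, "*.example.com", TOKEN_FIRST_ORDER, THUMBPRINT)
    renewal_ok = validate_dns01(zone, "*.example.com", TOKEN_SECOND_ORDER, THUMBPRINT)
    return first_ok and not renewal_ok


def http01_with_wildcard_a_record_works() -> bool:
    """A wildcard A record sends every subdomain to the same server, which answers per token."""
    served = {}
    for host in ("app.example.com", "git.example.com"):
        challenge = http01_challenge(host, TOKEN_SECOND_ORDER, THUMBPRINT)
        served[challenge["url"]] = challenge["body"]  # the ACME client writes this on the fly
    return all(validate_http01(served, h, TOKEN_SECOND_ORDER, THUMBPRINT)
               for h in ("app.example.com", "git.example.com"))


if __name__ == "__main__":
    print(dns01_challenge("*.example.com", TOKEN_FIRST_ORDER, THUMBPRINT))
    print(http01_challenge("app.example.com", TOKEN_FIRST_ORDER, THUMBPRINT))
    print("static DNS-01 record fails on renewal:", dns01_static_record_fails())
    print("HTTP-01 over wildcard A record works:", http01_with_wildcard_a_record_works())
```

The flip side for the original question: because each HTTP-01 issuance covers named hosts, every such certificate lists those hostnames and is logged to Certificate Transparency, whereas a wildcard certificate lists only `*.example.com`; the example above shows why the wildcard route is closed without an API-driven DNS provider.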