@girish This worked like a charm. And everything is working as I wanted
And this script is going to change the web hosting industry. I think that it's one of the best scripts I've ever used in this industry. Thank you guys
@omen OK, I figured out how configure Fastly now...
Please configure it like below:
Enable TLS - Yes
Verify Certificate - Yes
Certificate hostname - In my case, it is wildcard. But since you use the 'manual' provider, the hostname is subdomain.example.com.
SNI hostname - this is subdomain.example.com.
With the above settings, fastly serves up pages fine on http.
One thing to remember is, because you are using "manual" DNS provider, Cloudron requires "http" callbacks for Let's Encrypt to work. I am not sure how this works in fastly, does it allow you to have some URLs that are not "cached" ? I guess one way is to call the Cloudron app subdomain as "website.domain.com" but the domain in fastly should be something else like "realwebsite.domain.com" (meaning, name it different). This way, manual setting on Cloudron can continue to use HTTP reliably to get certificates.
If you want the domain names to be same, you have to use one of the automated DNS providers in Cloudron.
@aziz So, certificate for *.devz.cloud is already there, so if you install apps on subdomain it will work. Cert for devz.cloud (it is not a subdomain, so we have to get a separate cert from the wildcard cert) is getting rate limited.
You can just wait for 2-3 days to install an app on the bare domain and that should work. You should be able to install apps in subdomains in the meantime.
Like can there be a memory within cloudron of all subdomains used and when it comes time to renew, just renew it on all of those subdomains?
That's the current behavior. It only renews domains that are in use in Cloudron. AFAIK, there is no way to tell Let's Encrypt to "forget a subdomain" that we had gotten a certificate before. This is the reason why you get the reminder emails from Let's Encrypt about old domains.