Let's Encrypt profiles

girish

Let's encrypt announced profiles recently - https://letsencrypt.org/docs/profiles/ . This has now reached GA - https://letsencrypt.org/2026/01/15/6day-and-ip-general-availability

For example, this allows you to create certs which are short lived (like 6 days).

I added support for this in the code but it's not exposed to end user. Was wondering if anyone has use case for this in Cloudron world. I can't think of any but wanted to check.

scooke

I read that it has IP support. Does that mean that on my Cloudron with a dashboard at my.example.com, one cert would then cover all other apps on my Cloudron, like nextcloud.example.com, bitwarden.example.com, wordpress.example.com, and even office.go.com, mynostr.com, ghostblog.org and otherservice.ca, rather than every app/domain needing their own cert??

girish

I think IP support only means you can get a certificate for an IP. http protocol still requires domain names and certs for each domain for vhost'ing (i.e multiple domains in the same IP) to work.

Also, if you use wildcard certs, there is only shared cert for every domain in cloudron .

robi

@girish would this be more applicable to the planned VPN work which can expose hidden/private/temp/test services through an useful subdomain tied to an IP:port configuration?

malvim

@robi I think cloudron would probably expose these internal apps with a proper cloudron domain and something like the proxy app, which already supports https the usual cloudron way

robi

@malvim perhaps, but then it wouldn't be a use case of this feature.

andreasdueren

@girish said in Let's Encrypt profiles:

use case

What about issuing a certificate for the IP address during initial setup? Would encrypt the initial admin credentials.