    SOLVED Can Cloudron get Let's Encrypt SSL via DNS?

    • JOduMonT
      JOduMonT last edited by

      Long story short, my provider blocks (sometimes, not always) many ports, such as 80 (it's for my own good, they said), but port 443 is still open.

      I use LinuxServer/LetsEncrypt as a reverse proxy, mainly because it allows me to prove my authority over my subdomain via DNS; then I redirect all HTTP to HTTPS with Cloudflare.

      Basically, I would like to understand if it's possible to request Let's Encrypt SSL via DNS with Cloudron.

      • nebulon
        nebulon Staff last edited by

        Cloudron already uses the DNS challenge for Acme2 if that domain is managed by one of the automated providers. So only if a domain has one of noop|manual|wildcard set as the provider, Cloudron will use the HTTP challenge.

        • mehdi
          mehdi App Dev @JOduMonT last edited by

          @JOduMonT It is possible; just configure the Cloudron certificate provider to Let's Encrypt Wildcard.

          (My 2 cents: switch providers. If they are this incompetent, it does not bode well.)

          • JOduMonT
            JOduMonT @mehdi last edited by

            @mehdi said in Can Cloudron get Let's Encrypt SSL via DNS?:

            (My 2 cents: switch providers. If they are this incompetent, it does not bode well.)

            Yes, but they are the only ones who speak an English I could almost understand 😛

            • JOduMonT
              JOduMonT @nebulon last edited by

              @nebulon said in Can Cloudron get Let's Encrypt SSL via DNS?:

              Cloudron already uses the DNS challenge for Acme2 if that domain is managed by one of the automated providers. So only if a domain has one of noop|manual|wildcard set as the provider, Cloudron will use the HTTP challenge.

              So what you're saying is that it should work out of the box?

              • nebulon
                nebulon Staff last edited by

                If you are using a DNS provider set in Cloudron for those domains, then yes, it should work already. To be clear, I am talking about providers set as mentioned in https://cloudron.io/documentation/domains/#dns-providers

                • JOduMonT
                  JOduMonT last edited by

                  @nebulon thanks, it worked like a charm 🙂

                  • girish
                    girish Staff last edited by girish

                    Just wanted to add that (by default) when you use one of the DNS providers, we will also try to get wildcard certs. This has the advantage that the subdomain name is not part of the certificate transparency logs. This is a form of security by obscurity, but hey, everything helps. For example, you can search your domain name here: https://transparencyreport.google.com/https/certificates

                    JOduMonT 1 Reply Last reply Reply Quote 1
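The point in the post above about wildcard certificates and certificate transparency logs, as an added example that is not part of the thread or of Cloudron's code: it audits which of your own hostnames appear by name in logged certificates and which are only covered by a wildcard. The SAN lists, hostnames and function names are constructed for illustration.

```python
# Added example: constructed data, not real certificate transparency records.

def normalize(name):
    """Lower-case a DNS name and drop a trailing root dot."""
    return name.strip().lower().rstrip(".")

def names_in_logs(san_lists, domain):
    """Return every logged SAN that is the domain itself or a name under it."""
    domain = normalize(domain)
    seen = set()
    for sans in san_lists:
        for san in map(normalize, sans):
            # Match on a label boundary so "notexample.com" is not counted.
            if san == domain or san.endswith("." + domain):
                seen.add(san)
    return seen

def wildcard_covers(wildcard, host):
    """A wildcard SAN matches exactly one extra left-most label."""
    if not wildcard.startswith("*."):
        return False
    base = wildcard[2:]
    left, _, rest = host.partition(".")
    return bool(left) and left != "*" and rest == base

def audit(hosts, san_lists, domain):
    """Classify each host: 'disclosed', 'wildcard-only' or 'no-cert-logged'."""
    logged = names_in_logs(san_lists, domain)
    report = {}
    for host in map(normalize, hosts):
        if host in logged:
            report[host] = "disclosed"       # hostname is readable in the log
        elif any(wildcard_covers(w, host) for w in logged):
            report[host] = "wildcard-only"   # only *.domain is readable
        else:
            report[host] = "no-cert-logged"
    return report

# Constructed SAN lists, one inner list per logged certificate.
PER_HOST = [["customername.example.com"], ["git.example.com"], ["notexample.com"]]
WILDCARD = [["*.example.com", "example.com"]]
HOSTS = ["customername.example.com", "git.example.com", "a.b.example.com"]

if __name__ == "__main__":
    print(audit(HOSTS, PER_HOST, "example.com"))
    print(audit(HOSTS, WILDCARD, "example.com"))
```

The third host shows the limit of a single wildcard: `*.example.com` does not cover a name two labels deep, so such a host would need its own certificate and would then appear in the logs.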
                    • JOduMonT
                      JOduMonT @girish last edited by

                      @girish said in Can Cloudron get Let's Encrypt SSL via DNS?:

                      This is a form of security by obscurity, but hey, everything helps.

                      You mean it is more private, more obscure?

                      But it is not more secure.

                      I personally always choose one certificate for every subdomain, which, in the end, is not necessarily more secure, just more forged 😉

                      • girish
                        girish Staff last edited by

                        @JOduMonT said in Can Cloudron get Let's Encrypt SSL via DNS?:

                        You mean it is more private, more obscure?

                        Yes, indeed. On some Cloudron instances, I have apps which are installed as "customername.domain.com". I like to keep the 'customername' part private.

                        • JOduMonT
                          JOduMonT @girish last edited by

                          @girish said in Can Cloudron get Let's Encrypt SSL via DNS?:

                          I like to keep the 'customername' part private.

                          I never thought about it this way, but I will definitely keep it in mind 😉

                          • d19dotca
                            d19dotca @girish last edited by d19dotca

                            @girish This is an interesting observation. I was just looking to see if this was a real security threat or not, and I suppose it isn't but can offer a bit more privacy using the wildcard approach. Any particular reason why the Let's Encrypt wildcard support can't be done through the actual Cloudron wildcard DNS approach? Is there a way to support this? I'd really like to take advantage of a smaller DNS provider which has some great monitoring features included, but it isn't supported via any API by Cloudron yet, so if I go that route I can only use the Wildcard option, but those don't actually allow for the wildcard certificates.

                            Edit: Never mind, I see why in the docs: "Let's Encrypt only allows obtaining wildcard certificates using DNS automation. Cloudron will default to obtaining wildcard certificates when using one of the programmatic DNS API providers."
