Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. Wildcard DNS & Let's Encrypt Prod certs - are subdomains publicly exposed?

Wildcard DNS & Let's Encrypt Prod certs - are subdomains publicly exposed?

Scheduled Pinned Locked Moved Solved Support
certificates
2 Posts 2 Posters 461 Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • humptydumptyH Offline
    humptydumptyH Offline
    humptydumpty
    wrote on last edited by girish
    #1

    I'm preparing all my domains to use Wildcard DNS instead of DigitalOcean/Manual because I intend on switching to Contabo soon. I'm interested in hiding the subdomains from being listed as mentioned in this CR doc. I can't use "Wildcard DNS + Let's Encrypt Prod - Wildcard" because CR says:

    Wilcard cert requires a programmable DNS backend
    

    However, I can use "Wildcard DNS + Let's Encrypt Prod". Am I out of luck in hiding my subdomains from the "certificate transparency log"?

    girishG 1 Reply Last reply
    0
    • humptydumptyH humptydumpty

      I'm preparing all my domains to use Wildcard DNS instead of DigitalOcean/Manual because I intend on switching to Contabo soon. I'm interested in hiding the subdomains from being listed as mentioned in this CR doc. I can't use "Wildcard DNS + Let's Encrypt Prod - Wildcard" because CR says:

      Wilcard cert requires a programmable DNS backend
      

      However, I can use "Wildcard DNS + Let's Encrypt Prod". Am I out of luck in hiding my subdomains from the "certificate transparency log"?

      girishG Offline
      girishG Offline
      girish
      Staff
      wrote on last edited by
      #2

      @humptydumpty That's right. No way to get wildcard certs with wildcard DNS.

      To get a wildcard certificate, one needs to be able to program/automate the DNS. Let's Encrypt (acme) protocol requires one to programmatically setup TXT entries as part of getting the certificate. With a wildcard DNS, we have to now way to automatically setup those entries.

      The protocol for normal certificates has a "http" based flow which allows it to work with a single wildcard entry.

      1 Reply Last reply
      1
      Reply
      • Reply as topic
      Log in to reply
      • Oldest to Newest
      • Newest to Oldest
      • Most Votes


      • Login

      • Don't have an account? Register

      • Login or register to search.
      • First post
        Last post
      0
      • Categories
      • Recent
      • Tags
      • Popular
      • Bookmarks
      • Search