    Solved Wildcard DNS & Let's Encrypt Prod certs - are subdomains publicly exposed?

    • humptydumpty
      humptydumpty last edited by girish

      I'm preparing all my domains to use Wildcard DNS instead of DigitalOcean/Manual because I intend on switching to Contabo soon. I'm interested in hiding the subdomains from being listed as mentioned in this CR doc. I can't use "Wildcard DNS + Let's Encrypt Prod - Wildcard" because CR says:

      Wildcard cert requires a programmable DNS backend
      

      However, I can use "Wildcard DNS + Let's Encrypt Prod". Am I out of luck in hiding my subdomains from the "certificate transparency log"?

      • girish
        girish Staff @humptydumpty last edited by

        @humptydumpty That's right. No way to get wildcard certs with wildcard DNS.

        To get a wildcard certificate, one needs to be able to program/automate the DNS. The Let's Encrypt (ACME) protocol requires one to programmatically set up TXT entries as part of getting the certificate. With a wildcard DNS, we have no way to automatically set up those entries.

        The protocol for normal certificates has a "http" based flow which allows it to work with a single wildcard entry.
