New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New local dev domain + valid HTTPS cert #498
Comments
If it is also possible can we structure the code so that if DOCKSAL_DNS_DOMAIN is set it is also possible to create a LetsEncrypt certificate. My use case for this is, I use Docksal on a development server that uses a domain name that is publicly accessible to allow clients to preview sites. |
@frederickjh are you asking for a fully automated integration with LetsEncrypt? E.g. just set Something like that would be a killer feature, indeed. However, it will also require a substantial amount of work. For wildcard domains/certs that may not even be possible to fully automate, since LetsEncrypt requires DNS level verification to issue those. What will be possible - is do the cert request manually and then have |
The manual renewal is OK for me. |
Apparently, the idea of shipping a cert with the app, which points to a local/internal IP is not new. https://letsencrypt.org/docs/certificates-for-localhost/
From https://groups.google.com/d/msg/mozilla.dev.security.policy/pk039T_wPrI/nl6jDeEFCgAJ
Long discussion on Reddit on Blizard installing a self-signed cert as trusted on user mahcines: An here's an total overkill option (for local development needs) from Cloudflare: Keyless SSL: The Nitty Gritty Technical Details |
Adding trusted certs from command line:
|
ddev uses mkcert to accomplish this. Then they generate certificates for containers when starting them. Perhaps Docksal could go a similar route. |
Closing in favor of:
|
Add support for
*.x.docksal.io
with a valid cert from LetsEncrypt.This will be optional and in addition to the default
*.docksal
domain.This requires changes to
docksal-vhost-proxy
anddocksal-dns
services.Related: #1215
The text was updated successfully, but these errors were encountered: