Wildcard certificates #234

Open
nickdbush opened this issue Sep 13, 2018 · 8 comments

@nickdbush
Contributor

Does/will modoboa-installer support Let's Encrypt wildcard certificates? This would make provisioning the rest of the server easier as we only have to deal with the one certificate. I love the project, and it makes setting up my email a breeze, for which I will be forever indebted!

@tonioo
Member

tonioo commented Sep 14, 2018

I don't think it should be too complicated to introduce wildcard certificate support but it would be linked to the created nginx virtualhost... Can you explain your idea a bit more please?

@tonioo
Member

tonioo commented Oct 1, 2018

@nickdbush ping

@nickdbush
Contributor Author

So I wanted to host Nextcloud on the same server, so I had to manually recreate the SSL certificate with more domain names. However, now that Let's Encrypt offers wildcard certificates, we could produce a certificate for the entire domain when installing modoboa.

@tonioo
Member

tonioo commented Oct 1, 2018

Ok I understand.

@rolandf

rolandf commented Jan 7, 2020

I just implemented that using the DNS-01 / dns-rfc2136 method with bind9 on Ubuntu 18.04.
To make it work, the right version of certbot should be on the system (certbot-dns-rfc2136), and bind9 configured to allow updates with grant update to a TSIG key. At this time it's a mix of custom Ansible scripts that install bind9 and a modified modoboa-installer script that does next to nothing, as the Ansible script did most of the work. In its current state it's a bit ugly. @tonioo if you agree to give guidance I can tidy it a bit and do a pull request.
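
Added example (not rolandf's scripts and not modoboa-installer code): one way to express the bind9 and certbot-dns-rfc2136 settings the comment above describes, with the TSIG key's update grant limited to the ACME challenge TXT record. The domain, key name, server address and zone file path are constructed placeholders.

```shell
#!/bin/sh
# Added example: BIND9 + certbot-dns-rfc2136 settings for a wildcard certificate.
# Constructed values: example.com, key name "certbot-acme.", 192.0.2.53, zone file path.
DOMAIN="example.com"
KEY_NAME="certbot-acme."
DNS_SERVER="192.0.2.53"

# named.conf fragment. $1 = base64 TSIG secret (taken from `tsig-keygen` output).
# The grant covers only the TXT record at _acme-challenge.<domain>, so a
# leaked key cannot rewrite MX, A or other records in the zone.
render_named_conf() {
    cat <<EOF
key "${KEY_NAME}" {
    algorithm hmac-sha512;
    secret "$1";
};
zone "${DOMAIN}." {
    type master;
    file "/etc/bind/zones/db.${DOMAIN}";
    update-policy {
        grant ${KEY_NAME} name _acme-challenge.${DOMAIN}. txt;
    };
};
EOF
}

# Credentials file read by certbot's dns-rfc2136 plugin. $1 = same secret.
render_certbot_ini() {
    cat <<EOF
dns_rfc2136_server = ${DNS_SERVER}
dns_rfc2136_port = 53
dns_rfc2136_name = ${KEY_NAME}
dns_rfc2136_secret = $1
dns_rfc2136_algorithm = HMAC-SHA512
EOF
}

# Write the credentials file with mode 0600. $1 = path, $2 = secret.
write_credentials() {
    ( umask 077 && rm -f "$1" && render_certbot_ini "$2" > "$1" )
}

# Request one certificate for the apex and the wildcard. $1 = credentials path.
issue_wildcard() {
    certbot certonly --dns-rfc2136 --dns-rfc2136-credentials "$1" \
        -d "${DOMAIN}" -d "*.${DOMAIN}"
}
```

Both the apex name and the wildcard are validated through the same `_acme-challenge.example.com` TXT name, which is why the single `grant` line is sufficient.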

@tonioo
Member

tonioo commented Jan 13, 2020

@rolandf I think it's a different subject. If I understand well, what you propose is to add support for DNS zone management to the installer?

@rolandf

rolandf commented Jan 13, 2020

@tonioo I reflected a bit more and I think that there may be too many ways of thinking about how to deploy the DNS. Maybe a middle ground would be to have 3 options for modoboa-installer (1 - self-signed, 2 - Let's Encrypt, 3 - it has already been taken care of, please use the following certificate).

@Dragnell87

> I just implemented that using the DNS-01 / dns-rfc2136 method with bind9 on Ubuntu 18.04.
> To make it work, the right version of certbot should be on the system (certbot-dns-rfc2136), and bind9 configured to allow updates with grant update to a TSIG key. At this time it's a mix of custom Ansible scripts that install bind9 and a modified modoboa-installer script that does next to nothing, as the Ansible script did most of the work. In its current state it's a bit ugly. @tonioo if you agree to give guidance I can tidy it a bit and do a pull request.

Sorry, I know this is an old topic, but is this available anywhere?
