[ FEATURE ] Real SSL certs

[OmgImAlexis]

Using a method similar to Plex we should be able to setup some kind of server that would allow us to issue let's encrypt certs for *.*.pymedusa.com where the first section is an ip and the second being a hash the client's server has. The reason for the hash is to make sure that the private cert we hand the client's server would only be able to be used for a single session. If their IP changes they won't be able to forge a connection even if someone else is using their old IP.

For example 127-0-0-1.askdmlkasdmklasmdl.pymedusa.com.

Another way would be to have a form in Sickrage where the user can choose an avalible subdomain, we then connect to the server and issue a SSL cert for *.clients.pymedusa.com where the * is their chosen subdomain.

Both of these would require the user to send their IP to our server. Do keep in mind a IP address doesn't reveal anything more than the fact that they're using our software and/or someone has used their IP when asking for a cert to be issued.

[labrys]

I'm fully aware of the inherent risks involved in exposing your IP, and while I don't think this would be an inherently bad thing, I feel that it first and foremost should be disabled by default (anything that exposes personal information of any sort should be 'opt-in' not 'opt-out').

[OmgImAlexis]

Of course, this would just add another layer of ease for people that would like to have their server secure but don't want to have to deal with a self signed cert.

[labrys]

Added to master feature request list - discussion for feature will continue here even though issue is closed.