[RFE] Support for wildcards #61

Closed
e-minguez opened this issue Mar 28, 2018 · 10 comments

@e-minguez e-minguez commented Mar 28, 2018

It seems letsencrypt now supports wildcards so maybe the controller can handle the renewal of the wildcard and modify the router secret.

Owner

@tnozicka tnozicka commented Mar 28, 2018

wildcard domains must be validated using the DNS-01 challenge type. This means that you’ll need to modify DNS TXT records in order to demonstrate control over a domain for the purpose of obtaining a wildcard certificate

requiring DNS validation only is not an easy start for us as that needs #41 first

Owner

@tnozicka tnozicka commented Mar 28, 2018

But yes, Router is the main target here with wildcard support.

We also need client (library) support for v2 (golang/go#21081)

@djdevin djdevin commented Nov 30, 2018

assuming that verification works, what are the chances of having this work on multiple routes with the same certificate? i.e. not just one route that is a wildcard route

example, we have a ton of apps that use the default route so there's abc.example.com, def.example.com, etc

right now we have to request individual certificates for all of those, which works great. but we frequently exhaust limits since the base "account" to Let's Encrypt is the same

@computate computate commented Mar 15, 2019

It is possible to generate wildcard certs with certbot/letsencrypt, I do it every 3 months. I did it a few days ago. You just have to point it to an updated server like this one: https://acme-v02.api.letsencrypt.org/directory

get latest certs from certbot from DNS challenges.

sudo certbot -d example.com -d '*.example.com' -d '*.apps.example.com' -d example.org -d '*.example.org' -d '*.apps.example.org' --manual --preferred-challenges dns certonly --server https://acme-v02.api.letsencrypt.org/directory
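
What the DNS-01 requirement mentioned earlier in the thread means for a request that mixes base and wildcard names, as in the command above: both `example.com` and `*.example.com` are validated at the same TXT name, so both values must be published together. This Go example is added here and is not code from openshift-acme or from any commenter; the function names, tokens and thumbprint are constructed for illustration, and the record format follows RFC 8555 section 8.4.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// TXTRecord is one DNS-01 response that must be published before validation.
type TXTRecord struct {
	Name  string // owner name of the TXT record
	Value string // base64url(SHA-256(key authorization)), unpadded
}

// dns01Record builds the TXT record for one authorization. token comes from the
// CA's challenge; thumbprint is the base64url JWK thumbprint of the account key.
func dns01Record(identifier, token, thumbprint string) TXTRecord {
	// The "*." label is dropped: a wildcard is validated at its base domain.
	base := strings.TrimSuffix(strings.TrimPrefix(identifier, "*."), ".")
	digest := sha256.Sum256([]byte(token + "." + thumbprint))
	return TXTRecord{
		Name:  "_acme-challenge." + strings.ToLower(base) + ".",
		Value: base64.RawURLEncoding.EncodeToString(digest[:]),
	}
}

// planRecords groups TXT values by owner name; colliding names need all values at once.
func planRecords(tokens map[string]string, thumbprint string) map[string][]string {
	plan := make(map[string][]string)
	for identifier, token := range tokens {
		rec := dns01Record(identifier, token, thumbprint)
		plan[rec.Name] = append(plan[rec.Name], rec.Value)
	}
	return plan
}

func main() {
	// Constructed sample values, not real tokens or a real account key.
	thumbprint := "constructed-account-key-thumbprint"
	tokens := map[string]string{
		"example.com":        "constructed-token-1",
		"*.example.com":      "constructed-token-2",
		"*.apps.example.com": "constructed-token-3",
	}
	for name, values := range planRecords(tokens, thumbprint) {
		fmt.Println(name, values)
	}
}
```

A DNS integration that overwrites the TXT record set per challenge instead of appending to it will fail validation for one of the two colliding names.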

@openshift-bot openshift-bot commented Jun 13, 2019

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

Owner

@tnozicka tnozicka commented Jun 27, 2019

/remove-lifecycle stale
/lifecycle frozen

Owner

@tnozicka tnozicka commented Oct 11, 2019

fyi we will be switching to acme v2 this month I think, we might get some default DNS providers with new library

syncing the secret from another route/secret in the same namespace is an option, but I'd have to think it through when we switch and have wildcards

@Maniket-dev Maniket-dev commented Nov 25, 2020

Hi @tnozicka - is this openshift ACME controller implementation (https://github.com/tnozicka/openshift-acme) only for the 'Let's Encrypt' CA, or can we use it for other Certificate Authorities also? Thank you

Owner

@tnozicka tnozicka commented Nov 26, 2020

It works with any CA supporting ACME protocol, Let's Encrypt is just one of the providers.

@Maniket-dev Maniket-dev commented Dec 9, 2020

Thank you @tnozicka. Just one query here: in case of a private CA, do we need to just make changes to the below config map data, and what is the directory URL here?

"cert-issuer.types.acme.openshift.io": '{"type":"ACME","acmeCertIssuer":{"directoryUrl":"https://acme-v02.api.letsencrypt.org/directory"}}'
