You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Continuing pull request. Alternative idea to generate SSL cert rather than using onDemand option. Adding an API that may only available when cnameFlattening is active and could be called from the app. To make sure it available, the api will use HTTP-01 challenge, assume a temporary route to use, and simulate onHost procedure.
The text was updated successfully, but these errors were encountered:
I am not sure to understand but your need seems to be very specific.
You want to allow users to force ACME certificate creation thanks to an entry into the API only if the CNAME flattening right?
Can you explain what can be the advantage to add a feature in Træfik instead of using directly certbot or lego?
Yeah, it bit too specific. What I want to do is to avoid abuse when cnameFlattening and onDemand is active. Because, when both are active, then it possible for a malicious individual to point a random CNAME record to the available host, generating SSL cert, then remove the record, which leaves unused SSL cert.
An alternative take is making a cron job to check unused SSL cert and remove it regularly. If it too specific, just close it. Just a suggestion.
Do you want to request a feature or report a bug?
Feature
What did you expect to see?
Continuing pull request. Alternative idea to generate SSL cert rather than using
onDemand
option. Adding an API that may only available whencnameFlattening
is active and could be called from the app. To make sure it available, the api will useHTTP-01
challenge, assume a temporary route to use, and simulateonHost
procedure.The text was updated successfully, but these errors were encountered: