API for generating SSL cert. #3570

Closed
gamalan opened this issue Jul 7, 2018 · 3 comments

gamalan (Contributor) commented Jul 7, 2018

Do you want to request a feature or report a bug?

Feature

What did you expect to see?

Continuing pull request. Alternative idea to generate SSL cert rather than using onDemand option. Adding an API that may only be available when cnameFlattening is active and could be called from the app. To make sure it is available, the API will use the HTTP-01 challenge, assume a temporary route to use, and simulate the onHost procedure.

nmengin (Contributor) commented Jul 10, 2018

Hello @gamalan,

Many thanks for your interest in the project.

I am not sure I understand, but your need seems to be very specific.
You want to allow users to force ACME certificate creation thanks to an entry into the API only if the CNAME flattening, right?

Can you explain what can be the advantage to add a feature in Træfik instead of using directly certbot or lego?

gamalan (Contributor, Author) commented Jul 10, 2018

Yeah, it's a bit too specific. What I want to do is to avoid abuse when cnameFlattening and onDemand are active. Because, when both are active, it is possible for a malicious individual to point a random CNAME record to the available host, generating an SSL cert, then remove the record, which leaves an unused SSL cert.

An alternative take is making a cron job to check for unused SSL certs and remove them regularly. If it's too specific, just close it. Just a suggestion.
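
The cron-job alternative from the comment above, as an added example that is not part of the original thread and is not Traefik code: it sorts certificate hostnames by whether DNS still points them at the proxy. The function names, sample hostnames and addresses are constructed, and reading the hostnames out of the certificate store is assumed to happen elsewhere.

```python
import socket

def system_resolver(hostname):
    """Addresses the OS resolver returns for hostname (CNAME chains are followed)."""
    try:
        infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()  # no such name, or no address records
    return {info[4][0] for info in infos}

def classify(cert_hosts, proxy_ips, resolve=system_resolver):
    """Sort certificate hostnames by whether DNS still points them at this proxy."""
    proxy_ips = set(proxy_ips)
    report = {"active": [], "moved": [], "dangling": []}
    # Normalise case and a trailing dot so duplicates collapse to one entry.
    for host in sorted({h.lower().rstrip(".") for h in cert_hosts}):
        addrs = set(resolve(host))
        if not addrs:
            report["dangling"].append(host)   # record was removed
        elif addrs & proxy_ips:
            report["active"].append(host)     # still served by this proxy
        else:
            report["moved"].append(host)      # now points somewhere else
    return report

def removal_candidates(report):
    """Hostnames whose certificate is no longer backed by a DNS record to us."""
    return sorted(report["dangling"] + report["moved"])

# Constructed sample data (documentation address ranges, example domains).
SAMPLE_PROXY_IPS = {"192.0.2.10"}
SAMPLE_DNS = {
    "shop.example.com": {"192.0.2.10"},
    "old.example.net": set(),
    "gone.example.org": {"198.51.100.7"},
}
SAMPLE_CERT_HOSTS = ["shop.example.com", "OLD.example.net.", "gone.example.org"]

def sample_resolver(hostname):
    """Offline stand-in for system_resolver, backed by SAMPLE_DNS."""
    return SAMPLE_DNS.get(hostname, set())

if __name__ == "__main__":
    report = classify(SAMPLE_CERT_HOSTS, SAMPLE_PROXY_IPS, resolve=sample_resolver)
    for host in removal_candidates(report):
        print("candidate for removal:", host)
```

A single failed lookup can be a transient resolver error, so a sweep like this is safer when a hostname has to appear as a candidate on several consecutive runs before its certificate is removed.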

gamalan (Contributor, Author) commented Jul 10, 2018

After checking the documentation again, it seems already possible using the REST API. Never mind then.

@gamalan gamalan closed this as completed Jul 10, 2018
@traefik traefik locked and limited conversation to collaborators Sep 1, 2019