-
Notifications
You must be signed in to change notification settings - Fork 49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use Let's Encrypt to support HTTPS #35
Comments
Great idea because without https it's unusable for me! |
Same problem here, http redirect works fine, https does not work. |
Unfortunately redirecting using https doesn't work because redirect.center needs the certificate for each domain, using DNS only it's not possible. I might create this possibility in the future but it needs to be a different project and might have some costs. |
My experimental instance at https://redirect.lelux.fi/ supports HTTPS It About A records: Please do not point wildcards though, as it would get me ratelimited from LE's API when many of those subdomains are accessed by some scanner bots And most of the subdomains would not work before a cert has to be generated, so users would get only TLS connection errors which would degrade the experience. |
Code available here: https://github.com/theel0ja/redirect.center-cert-ask Uses Caddy for on-demand HTTPS and PHP script to validate CNAME (optional) |
We can frontend with nginx to add HTTPS. Let's Encrypt also supports wildcard domains which seem to work with the browsers I have tried. If hostname is redirect.center, obtain a certificate for *.center to cover all subdomains. I have also successfully frontended with AWS CloudFront using a wildcard alternate domain.
Edit: Probably should mention this assumes all your redirect domains will share a common parent domain as ours do eg. test.center in this case. |
Current configuration, it redirects any subdomain to https://twitter.com/fregante.
It works when visiting
http
URLs: (example using httpie)But it doesn't when the URL is already HTTPS:
Nowadays this can be done via Let's Encrypt, at least for requests following the first one (since it might take more than a few seconds to validate the domain)
The text was updated successfully, but these errors were encountered: