Comments (5)
You could probably do this yourself, but it's very odd indeed. You'd probably have to fiddle with a config/setup that works, unfortunately I don't have the time for that right now. What would you do if you get a cert for a subdomain -- just stop trying to get a wildcard cert?
Can you elaborate more on this:
However, it's still relatively slow when getting certs for new subdomains
from certmagic.
What would you do if you get a cert for a subdomain -- just stop trying to get a wildcard cert?
No, I'd want to switch to using the wildcard cert ideally.
Can you elaborate more on this:
However, it's still relatively slow when getting certs for new subdomains
Some more context might clarify things a bit. I'm building a tunnel service, a la ngrok or Cloudflare Tunnel. This is something of an ongoing interest of mine[0]. My service will hand out subdomains on wg8.org, so for example I could claim anders.wg8.org.
Once that control has been delegated, I'll want to manage the certs myself on the client side in order to get e2ee. I'll also want to run a number of apps, such as jellyfin.anders.wg8.org, nextcloud.anders.wg8.org, etc. When using on-demand certs, the first visit to each domain takes about 2-5 seconds before the cert is acquired. If I used dns-01 immediately after gaining control of anders.wg8.org, those would all be instantaneous. I could also use ManageAsync after the user sets up the subdomain for a given app, but typically the first thing they want to do is immediately open/be redirected to the app so that might not improve things much.
There are also rate limiting concerns here. I'm planning to get wg8.org added to the public suffix list, but until that's done I'm concerned we'll be hitting Let's Encrypt rate limits much sooner.
from certmagic.
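The comment above describes the trade-off between on-demand issuance (first visit to each new name waits on an ACME order) and obtaining one wildcard certificate via dns-01 up front, so that every later subdomain is served from cache. The following Go program is an added illustration of the cache-side half of that idea; it is not certmagic's code and does not use its API. It mints a self-signed certificate carrying `anders.wg8.org` and `*.anders.wg8.org` as a stand-in for the certificate a dns-01 order for those names would return (dns-01 is the only ACME challenge type that can validate a wildcard), indexes it by SAN, and implements a `tls.Config.GetCertificate` callback that prefers an exact SAN, then a one-label wildcard, and only otherwise calls a hypothetical `issue` hook that represents the slow on-demand path. The names `certStore`, `wildcardFor`, `selfSigned` and `issue` are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"sync"
	"time"
)

// certStore is a tiny in-memory stand-in for a certificate cache. Entries
// are keyed by DNS SAN (exact or wildcard), i.e. the names a dns-01 order
// would have placed in the certificate.
type certStore struct {
	mu    sync.RWMutex
	certs map[string]*tls.Certificate
}

func newCertStore() *certStore {
	return &certStore{certs: map[string]*tls.Certificate{}}
}

// Put parses the leaf and indexes the certificate under every DNS SAN.
func (s *certStore) Put(c *tls.Certificate) error {
	leaf, err := x509.ParseCertificate(c.Certificate[0])
	if err != nil {
		return err
	}
	c.Leaf = leaf
	s.mu.Lock()
	defer s.mu.Unlock()
	for _, name := range leaf.DNSNames {
		s.certs[strings.ToLower(name)] = c
	}
	return nil
}

// wildcardFor returns the wildcard name that could cover host by replacing
// the leftmost label with "*". A wildcard matches exactly one label
// (RFC 6125), so "*.anders.wg8.org" covers "jellyfin.anders.wg8.org" but
// neither "anders.wg8.org" itself nor "a.b.anders.wg8.org".
func wildcardFor(host string) (string, bool) {
	i := strings.IndexByte(host, '.')
	if i < 0 {
		return "", false
	}
	return "*" + host[i:], true
}

// Lookup prefers an exact SAN, then a one-label wildcard, and re-checks the
// wildcard with the standard library's hostname matcher. It never issues
// anything; a miss is the caller's signal to take the on-demand path.
func (s *certStore) Lookup(host string) (*tls.Certificate, error) {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	s.mu.RLock()
	defer s.mu.RUnlock()
	if c, ok := s.certs[host]; ok {
		return c, nil
	}
	if wc, ok := wildcardFor(host); ok {
		if c, ok := s.certs[wc]; ok && c.Leaf.VerifyHostname(host) == nil {
			return c, nil
		}
	}
	return nil, errors.New("no cached certificate covers " + host)
}

// GetCertificate builds the tls.Config callback. `issue` is a hypothetical
// hook standing in for on-demand ACME issuance (the 2-5 second first visit);
// it is only reached when nothing in the cache covers the SNI name.
func (s *certStore) GetCertificate(issue func(host string) (*tls.Certificate, error)) func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
		if c, err := s.Lookup(hello.ServerName); err == nil {
			return c, nil
		}
		return issue(hello.ServerName)
	}
}

// selfSigned mints a throwaway certificate with the given SANs. It stands in
// for the certificate a dns-01 order for the same names would return; it is
// trusted by nobody and exists only so the example runs offline.
func selfSigned(sans ...string) (*tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: sans[0]},
		DNSNames:     sans,
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

func main() {
	store := newCertStore()
	// One dns-01 order covering both the delegated name and its wildcard.
	wc, err := selfSigned("anders.wg8.org", "*.anders.wg8.org")
	if err != nil {
		panic(err)
	}
	if err := store.Put(wc); err != nil {
		panic(err)
	}
	get := store.GetCertificate(func(host string) (*tls.Certificate, error) {
		return nil, fmt.Errorf("would issue on demand for %s", host)
	})
	for _, h := range []string{"anders.wg8.org", "jellyfin.anders.wg8.org", "a.b.anders.wg8.org", "wg8.org"} {
		_, err := get(&tls.ClientHelloInfo{ServerName: h})
		fmt.Printf("%-28s served from cache: %v\n", h, err == nil)
	}
}
```

Two things the run makes visible: the wildcard does not cover the bare `anders.wg8.org`, so both names belong in the same order; and a nested name such as `a.b.anders.wg8.org` still misses and would fall through to on-demand issuance (and count against the per-registered-domain rate limit), which is why the depth of names handed out matters as much as their number.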
So to make sure I understand, the primary concern is that your first connection is going to take a couple of seconds?
(Sorry for the late reply. Busy times!)
from certmagic.
No worries! I would say concern is equally distributed between the couple seconds it takes, but also that the time it takes is fairly variable. Sometimes Let's Encrypt is slow.
from certmagic.
@anderspitman Instead of PSL, have you considered filing a rate limit exemption request with Let's Encrypt? They have a form for use cases like yours.
from certmagic.