
wildcard - Let's Encrypt

Published 5 months ago

Tags: SafeLine WAF, 💡 feature, 💪 improve


kaons_

Updated 5 months ago


Can you please enable support for wildcard certificates using DNS-01 challenge method in the WAF?


Carrie

Updated 5 months ago

<@653340659020857364> has put together a super useful guide on setting up wildcard certificates with auto renewal in SafeLine WAF using acme.sh and Cloudflare DNS-01 challenge:
https://blog.signolabz.com/post/how-to-add-wildcard-certificate-with-auto-renewal-z1zb7zm

If you want to use wildcard certs via DNS-01, this might be an alternative solution. Welcome to read and share your thoughts!

Chris Couture

Updated 5 months ago


Second this request!


LowPass

Updated 5 months ago


Just came here to support this suggestion. It already came up a couple of times. More convenience, more safety. A must have feature.


Carrie

Updated 5 months ago


Thank you all for being with us this year!

About this issue, we recently had another internal discussion about it.

DNS challenge requires direct write access to domain DNS records, while a self-hosted WAF is deployed locally in the user’s environment and does not control DNS.

So DNS challenge can only be natively supported by cloud WAFs (which also act as DNS providers), or implemented in self-hosted scenarios by integrating with external DNS provider APIs.

But this approach introduces many issues, such as higher deployment complexity, significant differences across DNS providers, increased operational overhead, and greater security risks related to managing API keys.
So the current conclusion remains that we'll not add this to the roadmap right now.


LowPass

Updated 5 months ago


…as <@1282641039298924606> has pointed out, one can use an acme.sh Docker container to handle the automatic (e.g. wildcard) certificate renewal, and let it copy directly to the /certs folder of SafeLine. After a quick nginx reload, the cert is there.

Port 80 can be closed again, and no more leaked subdomain information.

That's a flawless workaround.
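As an added illustration of the workaround LowPass describes (DNS-01 issuance done by acme.sh outside the WAF, certificate copied into SafeLine's cert folder, nginx reloaded), here is a deploy-hook script for acme.sh's `--reloadcmd`. It is not from this thread or from the SafeLine project; the `<dir>/<name>.crt` and `.key` layout, the `/certs` path and the `safeline-tengine` container name are assumptions.

```shell
#!/bin/sh
# Deploy hook for acme.sh --reloadcmd: install a freshly issued or renewed wildcard
# certificate into SafeLine's cert directory, then reload its nginx.
# Assumptions (not from the thread): SafeLine reads <dir>/<name>.crt and <name>.key,
# and its nginx runs in a container named "safeline-tengine".
#
# Issue and install with acme.sh's Cloudflare DNS-01 plugin (API token read from CF_Token):
#   acme.sh --issue --dns dns_cf --server letsencrypt -d example.com -d '*.example.com'
#   acme.sh --install-cert -d example.com \
#     --fullchain-file /tmp/acme/fullchain.pem --key-file /tmp/acme/key.pem \
#     --reloadcmd "/usr/local/bin/deploy_cert.sh /tmp/acme/fullchain.pem /tmp/acme/key.pem /certs example.com"

# is_pem FILE REGEX: succeed only if FILE contains a PEM header matching REGEX.
is_pem() {
    grep -q -- "^-----BEGIN $2-----" "$1" 2>/dev/null
}

# deploy_cert FULLCHAIN KEY DEST_DIR NAME [RELOAD_CMD]
deploy_cert() {
    fullchain="$1"; key="$2"; dest="$3"; name="$4"
    reload="${5:-docker exec safeline-tengine nginx -s reload}"
    umask 077   # staged files are created owner-only; the cert is opened up below

    # Refuse to touch the live files if what we were handed is not PEM.
    is_pem "$fullchain" "CERTIFICATE" || { echo "deploy_cert: not a certificate: $fullchain" >&2; return 1; }
    is_pem "$key" ".*PRIVATE KEY" || { echo "deploy_cert: not a private key: $key" >&2; return 1; }
    [ -d "$dest" ] || { echo "deploy_cert: missing directory: $dest" >&2; return 1; }

    # Stage both files, then rename into place so nginx never reads a half-written pair.
    tmpcrt="$dest/.$name.crt.tmp"; tmpkey="$dest/.$name.key.tmp"
    cp "$fullchain" "$tmpcrt" && cp "$key" "$tmpkey" || return 1
    chmod 0644 "$tmpcrt" || return 1
    mv -f "$tmpcrt" "$dest/$name.crt" && mv -f "$tmpkey" "$dest/$name.key" || return 1

    # Reload only after the new pair is in place.
    sh -c "$reload"
}

# Invoked as a hook with arguments: run now. Sourced without arguments: only define functions.
[ $# -eq 0 ] || deploy_cert "$@"
```

Port 80 never needs to be open for this flow, since the DNS-01 proof lives in the zone and the hook only moves files locally.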