Letsencrypt have started the wildcard support

kanhu · March 13, 2018, 8:32pm

Hi
Letsencrypt have started the wild card support https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579
Will be excited to see it YunoHost.

Jean31 · October 30, 2018, 3:06pm

Hi,

Do you know if it possible?
I would like to redirect my bog.mondomain.fr on Gitlab pages
The redirection is effective but on http not on https . So I would like to add a certificat for blog.mondomain.fr

Any idea?

Thank you

Aleks · October 30, 2018, 4:03pm

Uh but what does it has to do with wildcards for certificates ? é_è

Jean31 · October 30, 2018, 4:09pm

Do we talk about a single certificate for all subdomains *.mondomain.fr , instead of generate a certificate by subdomains?

AM I wrong?

kanhu · October 30, 2018, 4:53pm

@Jean31

You just have to do :
$ yunohost domain cert-install blog.mondomain.fr

Jean31 · October 30, 2018, 5:12pm

I test it:

$ yunohost domain cert-install blog..fr
Error: Unknown domain blog..fr

May be is due to my blog is not an app from yunohost, I just want to host my certificate but the blog is on gitlab-pages and an DNS entry do the bind

kanhu · October 30, 2018, 5:15pm

How do blog.mondomain.fr redirects to the gitlab-pages?

Jean31 · October 30, 2018, 5:32pm

modifying DNS entry: https://docs.gitlab.com/ee//user/project/pages/getting_started_part_three.html#doc-nav
Thats done for me but not without certificate

kanhu · October 30, 2018, 5:43pm

Better way is to register blog.mondomain.fr on yunohost. Install letsencrypt for it.
Go to /etc/nginx/conf.d/blog.mondomain.fr.d and make a file redirect.conf.
configure the domain setting to redirect to the gitlab-pages.

location / {


    return 301 $scheme://gitlab-pages$request_uri;


}

Jean31 · October 31, 2018, 9:28am

In my case the redirection is not made by yunohost is made by the DNS entry. No need to manually change NGinx (better )
I was wondering if it was possible to manage the subdomain certificate with yunohost and then copy/paste the key/cert

kanhu · October 31, 2018, 12:08pm

I don’t think it would be possible to have certificate without having a domain on Yunohost.
Maybe @Aleks can help you out on this. This thread was started because to have wildcard certificate which would help need of having different certificates for sub domains.

Jean31 · October 31, 2018, 2:37pm

And more : create a subdomain create all configuration for mail webmail etc… that I don’t need

Thank you for your answer and time

Aleks · October 31, 2018, 4:29pm

About wildcards certificates :

as (I think) answered in another similar thread, imho this is really not a priority for Yunohost since the general use case is to have a handful (let’s say ~10 max ?) domains and the existing certificate system is fine. Supporting wildcards certificates would make everything much more complicated from the technical point of view and only save clicks for the few people with 10+ subdomains.

Now about @Jean31’s question : no there’s no mechanism in YunoHost allowing you generate a certificate for a domain which is not configured in YunoHost

frju365 · November 1, 2018, 11:47am

Btw: WildCard LE cert is not possible with ACME_Tiny (python scripts used by Yunohost). Please see discussion and the decision of the project : https://github.com/diafygi/acme-tiny/issues/199