Why not automatically generate Let's Encrypt certificate?

Just curious:

Why doesn’t YunoHost automatically try to generate a certificate when a new domain is added?

Isn’t this action (almost) always necessary? And is there any case where you should be careful not to do it?

Because there’s no guarantee that the port forwarding and DNS record will be correctly configured, and because having things “magically working but sometimes it randomly doesn’t” is terrible UX.

However, there are discussions about simplifying the workflow when adding a subdomain: Option to add (sub)domain with Let's Encrypt certificate / Simplify the UI flow · Issue #1634 · YunoHost/issues · GitHub


Thanks for your answer, I think I understand!

As stated in the issue you linked the current flow is pretty awkward, and can be a source of confusion.

I understand that keeping things working consistently in the web admin is one of the major strengths of YunoHost, and certainly the reason why I loved it so much at first use. But maybe taking the risk of automating it and explicitly warning the user that the certificate process failed would be a less confusing situation most of the time.

I am very much not confident in my critique, because I never had the certification process fail, and had much more trouble understanding why the button was greyed out and that I had to go to the diagnosis page. Maybe my situation is not so common, and many more people than I think encounter issues when trying to get their certificate signed!