Comments (6)
The scripts will issue three separate certificates if you create three separate config files for each `server` block; however, if you define all of the `server` blocks inside the same file, only one certificate file will be created with all of the different names included in the list of alt names.
In the first case you will make more certificate requests towards Let's Encrypt, so if you have more than 50 separate domain names that you update multiple times per week you will run into rate limits. You may add up to 100 alt names to each certificate file, so if you combine files you can update up to 5000 domains per week, which I believe is quite a lot. If you use more than that a wildcard certificate would be required, but I don't see that being a realistic use case for this image.
A wildcard certificate would be valid for all subdomains, which would mean that you would only need to handle one file (which is much easier if you aren't using these scripts which make automatic requests for you). A drawback of wildcards is that a `*.example.com` certificate would be valid for `sub.example.com` but not `sub.sub.example.com`, since this would require a `*.*.example.com` certificate (but double `*` in a certificate is not valid, so you would have to make a `*.sub.example.com` certificate instead). This image handles an arbitrary amount of subdomains by explicitly including them in each request.
Furthermore, it might be a tiny bit more secure to have a certificate issued to only those domain names that you actually have, instead of accepting any and all subdomains.
from docker-nginx-certbot.
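The wildcard scope rule and the request arithmetic from the comment above, as an added Python sketch (not part of the thread and not code from docker-nginx-certbot). The limits are the figures quoted in the comment; the function names, the host lists and the packing of names 100 per request are assumptions made for illustration.

```python
# Added illustration. Limits are the figures quoted in the comment above.
MAX_SANS_PER_CERT = 100   # alt names per certificate
MAX_CERTS_PER_WEEK = 50   # separate certificate requests per week


def wildcard_covers(cert_name: str, hostname: str) -> bool:
    """True if a certificate name covers hostname.

    '*' is accepted only as the whole leftmost label and stands for exactly
    one label, so *.example.com never reaches sub.sub.example.com.
    """
    c = cert_name.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if any("*" in label for label in c[1:]):
        return False              # e.g. *.*.example.com is not a valid name
    if len(c) != len(h) or "" in h:
        return False              # label counts must match exactly
    if c[0] == "*":
        return c[1:] == h[1:]
    return c == h


def uncovered(cert_names, hostnames):
    """Hostnames that no name in the certificate covers."""
    return [host for host in hostnames
            if not any(wildcard_covers(n, host) for n in cert_names)]


def plan_requests(hostnames, combined: bool):
    """Group hostnames into certificate requests.

    combined=False models one config file per server block (one cert each);
    combined=True models all server blocks in one file, names packed as SANs.
    """
    names = sorted({h.lower() for h in hostnames})
    size = MAX_SANS_PER_CERT if combined else 1
    return [names[i:i + size] for i in range(0, len(names), size)]


def within_weekly_budget(requests) -> bool:
    return len(requests) <= MAX_CERTS_PER_WEEK


# Constructed sample: 120 subdomains of a placeholder domain.
SAMPLE_HOSTS = [f"app{i}.example.com" for i in range(120)]
```

With the constructed sample, one certificate per name needs 120 requests and exceeds the weekly figure, while the combined layout needs 2.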
Just to give an update to this: we now actually support wildcard domains as well. So if anyone runs into this issue in the future it is now fixed :)
Hi pradeepvishwakarma,
As of now this image does not support wildcard domains.
The scripts written are designed so you should not need to create a wildcard certificate, since they will make proper certificate requests for each domain you have configured. So from my perspective a wildcard certificate would not add any benefit for what this image offers; however, is there a use case of wildcards that I am not aware of?
I was wondering the same.. I'm just getting into the topic but if I'm running e.g. 'blog.example.com', 'api.example.com' and 'www.example.com' on the same server, the script would currently issue three distinct certificates for each sub-domain instead of one for all *.example.com domains? Not sure to what extent this is an issue in practice.
That makes sense, thanks for elaborating @JonasAlfredsson !
Since I have not seen any more people asking for this feature I will close this issue with "wont do" for now. This might change in the future if enough demand is encountered :)