Comment on Cloudflare LE certificate management?
iggy@lemmy.world 3 weeks ago
This isn’t a Cloudflare limitation. It’s a TLS limitation. It was a conscious decision not to support multi-level wildcards. You won’t find a service that supports it. Most people get around this by just not using TLS certs like this. You can encode your multi-level namespacing in one level. So instead of something like svc1.svcgroup.dev.domain.org you can do it like svcgroup-svc1.dev.domain.org.
Never heard of a tool to get around this TLS limitation. There are tools that manage lots of certs (cert-manager in k8s comes to mind). If you had a more concrete example it might help people to suggest solutions.
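To make the single-label wildcard rule from the reply above concrete, here is an added example (not code from either commenter) of how a TLS client matches a wildcard SAN entry against a hostname, following the RFC 6125 section 6.4.3 rule that `*` stands in for exactly one DNS label, plus the name-flattening workaround from the reply. The function and variable names are this example's own assumptions, and the hostnames are the ones used in the thread.

```python
"""Why a wildcard certificate covers exactly one DNS label (added example)."""
import re

# A DNS label as clients will accept it in place of '*': alphanumerics and hyphens,
# no leading or trailing hyphen. Assumption of this example, not a library constant.
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if the SAN dNSName `pattern` covers `hostname`.

    Mirrors what browsers and TLS libraries do per RFC 6125 6.4.3:
    - '*' may appear only as the entire leftmost label ('*.example.org');
      'svc*.example.org' and '*.*.example.org' are rejected outright.
    - '*' matches exactly one label. It never matches a dot, so it can not
      cover a name with extra levels, and it never matches zero labels.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")

    if "*" not in pattern:
        # Plain name: exact, case-insensitive, label-by-label comparison.
        return p_labels == h_labels

    # Wildcard only allowed as the whole leftmost label, nowhere else.
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False
    # Public CAs do not issue '*.org' style wildcards; insist on a real base domain.
    if len(p_labels) < 3:
        return False
    # One '*' consumes one label, so the label counts must line up exactly.
    if len(h_labels) != len(p_labels):
        return False
    if not _LABEL.match(h_labels[0]):
        return False
    return h_labels[1:] == p_labels[1:]


def flatten_under(hostname: str, base: str) -> str:
    """Encode a multi-level name beneath `base` as one label so '*.base' covers it.

    This is the workaround from the thread:
        svc1.svcgroup.dev.domain.org  ->  svcgroup-svc1.dev.domain.org
    Sub-labels are reversed (outer group first) and joined with '-'. The
    join is ambiguous if a sub-label already contains '-', so pick a
    separator your naming scheme never uses; '-' is the thread's choice.
    """
    suffix = "." + base.lower().rstrip(".")
    name = hostname.lower().rstrip(".")
    if not name.endswith(suffix):
        raise ValueError(f"{hostname} is not under {base}")
    sub_labels = name[: -len(suffix)].split(".")
    return "-".join(reversed(sub_labels)) + suffix


if __name__ == "__main__":
    wildcard = "*.dev.domain.org"
    deep = "svc1.svcgroup.dev.domain.org"
    flat = flatten_under(deep, "dev.domain.org")
    print(f"{wildcard} covers {deep}: {wildcard_matches(wildcard, deep)}")
    print(f"{wildcard} covers {flat}: {wildcard_matches(wildcard, flat)}")
    print(f"*.*.dev.domain.org accepted: {wildcard_matches('*.*.dev.domain.org', deep)}")
```

Running it shows the asymmetry the reply describes: `*.dev.domain.org` rejects `svc1.svcgroup.dev.domain.org` because the extra dot is a second label, accepts the flattened `svcgroup-svc1.dev.domain.org`, and a `*.*.dev.domain.org` pattern is refused before any comparison happens, which is why no CA will issue one.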
KairuByte@lemmy.dbzer0.com 3 weeks ago
I’d be fine with individual certs, the issue I’m running into is that a cloudflare proxy record requires a cert for that domain, and they won’t handle that cert without you paying them. You can, however, upload your own cert for it.
I’m trying to find a way to automate that process, since remembering to update a cert manually every 3 months is outside my ability.
iggy@lemmy.world 3 weeks ago
I’m not familiar enough with Cloudflare proxy stuff. I just have my DNS pointed at my router external IP (and luckily my ISP doesn’t reset my IP ever). It sounds like CF has designed this intentionally as a profit center. Sorry I couldn’t be more help.
KairuByte@lemmy.dbzer0.com 3 weeks ago
I could expose my IP, I was previously and really don’t have a problem with it. My IP is fairly static. It’s just more convenient to use cloudflared internal to the network and proxy the addresses.
If I can’t figure out an automated solution for this, that’s likely what I’ll do. I’m just hopeful there’s a tool out there to do this that I’m just not familiar with.
Thanks for the response regardless, I appreciate you taking the time!