I’m not even sure this title makes sense. I’m looking to handle LE certificates in Cloudflare automatically. Specifically multi-level subdomains.
You can hand off subdomain certs to them for single level, but the moment you want multi level you need to manage the certs yourself.
What I’m hoping for is an open source tool that is meant to handle certain requests and distribution. I just don’t know if such a tool even exists, and searching around hasn’t yielded results.
Does anyone have any thoughts?
iggy@lemmy.world 3 weeks ago
This isn’t a Cloudflare limitation. It’s a TLS limitation. It was a conscious decision not to support multi-level wildcards. You won’t find a service that supports it. Most people get around this by just not using TLS certs like this. You can encode your multi-level name spacing in 1 level. So instead of something like svc1.svcgroup.dev.domain.org, you can do it like svcgroup-svc1.dev.domain.org.
Never heard of a tool to get around this TLS limitation. There are tools that manage lots of certs (cert-manager in k8s comes to mind). If you had a more concrete example it might help people to suggest solutions.
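The single-label wildcard rule and the flattening workaround from the comment above, as an added example that is not part of the thread. The function names are hypothetical, and the matcher is deliberately strict (it rejects partial-label wildcards and wildcards outside the left-most label).

```python
# Added illustration; the hostnames are the ones used in the comment above.

def wildcard_matches(cert_name: str, hostname: str) -> bool:
    """True if a certificate name covers a hostname. A '*' is honoured only
    as the entire left-most label and stands for exactly one label."""
    c = cert_name.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False  # a wildcard never spans a dot
    if any("*" in label for label in c[1:]):
        return False  # wildcard is only valid in the left-most label
    if c[0] == "*":
        return h[0] != "" and c[1:] == h[1:]
    return "*" not in c[0] and c == h


def flatten(hostname: str, base: str) -> str:
    """Fold every label left of `base` into one label, outermost group first:
    svc1.svcgroup.<base> becomes svcgroup-svc1.<base>."""
    host = hostname.lower().rstrip(".")
    base = base.lower().rstrip(".")
    if not host.endswith("." + base):
        raise ValueError(f"{hostname} is not under {base}")
    prefix = host[: -(len(base) + 1)].split(".")
    label = "-".join(reversed(prefix))
    if len(label) > 63:
        raise ValueError("a DNS label is limited to 63 octets")
    return f"{label}.{base}"


def plan(hostnames, cert_names):
    """Split hostnames into those an existing cert name covers and those
    that still need their own certificate."""
    covered, uncovered = {}, []
    for host in hostnames:
        match = next((c for c in cert_names if wildcard_matches(c, host)), None)
        if match:
            covered[host] = match
        else:
            uncovered.append(host)
    return covered, uncovered


if __name__ == "__main__":
    nested = "svc1.svcgroup.dev.domain.org"
    flat = flatten(nested, "dev.domain.org")
    print(plan([nested, flat], ["*.dev.domain.org"]))
```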
KairuByte@lemmy.dbzer0.com 3 weeks ago
I’d be fine with individual certs, the issue I’m running into is that a Cloudflare proxy record requires a cert for that domain, and they won’t handle that cert without you paying them. You can, however, upload your own cert for it.
I’m trying to find a way to automate that process, since remembering to update a cert manually every 3 months is outside my ability.
iggy@lemmy.world 3 weeks ago
I’m not familiar enough with Cloudflare proxy stuff. I just have my DNS pointed at my router external IP (and luckily my ISP doesn’t reset my IP ever). It sounds like CF has designed this intentionally as a profit center. Sorry couldn’t be more help.