cross-posted from: discuss.online/post/41958206
Open to suggestions for managing Caddy for domains from Porkbun.
- Porkbun itself is using Cloudflare.
- Their Caddy module is confusing to setup due to API changes and older documentation.
- I’d like to use a declarative json configuration, but first I just need Porkbun to play nice enough to work when adding subdomains via wildcard.
The Goal
Setup legit Let’s Encrypt as wildcard locally to test services at *.example.domain.com, then put them into production on mainsite wildcard *.domain.com on VPS or similar.
Seeking Advice
Can anyone advise on setup recommendations? I’m currently using Nginx, which I had no difficulty setting up with ACME challenge. Perhaps I’m approaching Caddy in the wrong way. Thanks for any ideas!
moonpiedumplings@programming.dev 22 hours ago
Just to be clear, why wouldn’t simply provisioning a certificate for each subdomain under the wildcard work?
Like, if you have a test site test.example.domain.com, you could have nginx (using acme) create a certificate for that. And then when you move to test.domain.com, nginx would do the same thing.
Now, technically letsencrypt does have a rate limit, but it’s a fairly generous rate limit:
I would do my testing this way, and I didn’t hit any limits, although I was careful to keep certificates and reuse them, and to not spam.
If you need more domains with SSL than that rate limit would provide, then it would make sense to investigate Caddy with porkbun, since DNS-01 challenges are the only way to get wildcard certificates, which apply to a whole wildcard.
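A minimal Caddy JSON configuration for the wildcard setup this thread is discussing, added here as an editor's example (it is not the OP's configuration and not code from the caddy-dns/porkbun project): one TLS automation policy that obtains a single wildcard certificate for *.example.domain.com through the DNS-01 challenge against Porkbun, which is the only challenge type that can issue wildcards, as the reply above notes. The Porkbun API credentials are read from environment variables through Caddy's `{env.*}` placeholders rather than written into the file. The server name, the domain and the upstream address are placeholders; the provider option names `api_key` and `api_secret_key` are assumed from the caddy-dns/porkbun module and should be checked against the module version built into your binary, since the thread itself notes that the module's options have changed over time.

```json
{
  "apps": {
    "http": {
      "servers": {
        "lab": {
          "listen": [":443"],
          "routes": [
            {
              "match": [
                { "host": ["*.example.domain.com", "example.domain.com"] }
              ],
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "upstreams": [{ "dial": "127.0.0.1:8080" }]
                }
              ]
            }
          ]
        }
      }
    },
    "tls": {
      "automation": {
        "policies": [
          {
            "subjects": ["*.example.domain.com", "example.domain.com"],
            "issuers": [
              {
                "module": "acme",
                "ca": "https://acme-staging-v02.api.letsencrypt.org/directory",
                "challenges": {
                  "dns": {
                    "provider": {
                      "name": "porkbun",
                      "api_key": "{env.PORKBUN_API_KEY}",
                      "api_secret_key": "{env.PORKBUN_API_SECRET_KEY}"
                    }
                  }
                }
              }
            ]
          }
        ]
      }
    }
  }
}
```

Two points worth knowing before running this. First, the `ca` line points Caddy at the Let's Encrypt staging directory so that repeated test runs while the Porkbun plumbing is being debugged do not consume production rate limits (the same limits discussed in the replies above); delete the line once issuance works and Caddy falls back to its default, the production Let's Encrypt CA. Second, a wildcard `*.example.domain.com` covers only one label below it and never the bare `example.domain.com`, which is why the apex name is listed separately in both the host matcher and the policy subjects. The Caddy binary must include the DNS module (`xcaddy build --with github.com/caddy-dns/porkbun`), the two environment variables must be exported in the shell that starts Caddy, and the file is loaded with `caddy run --config caddy.json`. Moving to the VPS is then just a matter of replacing the two name lists with `*.domain.com` and `domain.com`.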
Pika@sh.itjust.works 18 hours ago
I wasn’t aware that they managed registered domains the way they do. I may need to reconsider my current certificate setup, as I currently run a certificate per service because it’s more secure, but if they count x.website.com certificates as website.com certificates, it’s entirely possible that when they switch to short-lived certificate defaults I may come close to that rate limit.
i_am_not_a_robot@discuss.tchncs.de 18 hours ago
If they cut the validity time for certificates, I’d expect them to also increase the rate limits by a corresponding amount. It’s not like they have anything to gain by making it so regular users can’t use the service anymore. They can’t upsell you to Let’s Encrypt Premium with a higher rate limit.
kiol@discuss.online 22 hours ago
Thanks for the thoughts. I’ll reference this as I continue working on this.