Multi tenant subdomains & jenkins

Hi all,

I’ve got a multi tenant setup where tenants have their own subdomain. Now I’m running a jenkins task to renew all domains, but I was wondering if there is a way to modify an existing config smartly so new subdomains can be added or removed, or should I drop an existing config and create a new one from scratch (in this case, how to do that?).

What are your thoughts on this?

cheers,
pedro

interesting

are your clients limited to one or two subdomains

How do you know when clients add new domains?

Andrei

No, each client has its own subdomain. Basically when a new client gets added a new domain has to be included in the cert. I can generate a -d {domain} list for all clients for the certbot command to generate a new certificate, and remove the old one, but that doesn’t feel like a proper way to do this.

The only other option is to request a new certificate for each subdomain. Certificates are immutable (unable to be changed) once issued, and any change to their data requires a new certificate to be created.

Keep in mind that there are rate limits and a maximum of 100 names for a single certificate. If the clients are intended to be fully separated, you could also look into adding the domain to the Public Suffix List, which offers some nice security measures in browsers and is used by Let’s Encrypt to determine what names are truly independent.

Alternately, if you have a bit of money, you could use a wildcard certificate from a different vendor. You can often get them for less than $80/yr. Depending on the value of your time in setting up things to work with LE, and if you’ll be running into rate limits, it may be a better solution for your needs.
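An added example, not code from the thread or from certbot: a small Python helper for the Jenkins job that turns a tenant list into certbot commands, keeping each SAN set under the 100-name limit mentioned above and reusing a stable `--cert-name` per batch so a changed tenant list reissues the matching certificate instead of piling up new lineages. The base domain, the cert naming scheme and the exact certbot flags used are assumptions; tenant slugs are validated as DNS labels and passed as argv entries rather than interpolated into a shell string.

```python
#!/usr/bin/env python3
"""Build certbot commands for a multi-tenant subdomain setup (added example).

Assumptions: every tenant is one label under BASE_DOMAIN, tenants share SAN
certificates, Let's Encrypt allows at most 100 names per certificate, and
issued certificates are immutable, so a changed batch must be reissued.
"""
import re
from typing import Dict, List

MAX_NAMES_PER_CERT = 100  # Let's Encrypt per-certificate name limit
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")  # one DNS label


def tenant_hostnames(tenants: List[str], base_domain: str) -> List[str]:
    """Return one hostname per tenant, normalised, de-duplicated and sorted.

    A slug that is not a valid DNS label is rejected instead of being handed
    to certbot; sorting keeps batch membership stable between Jenkins runs.
    """
    hosts = set()
    for raw in tenants:
        slug = raw.strip().lower()
        if not LABEL_RE.match(slug):
            raise ValueError(f"invalid tenant slug: {raw!r}")
        hosts.add(f"{slug}.{base_domain}")
    return sorted(hosts)


def batch_hostnames(hostnames: List[str], max_names: int = MAX_NAMES_PER_CERT) -> List[List[str]]:
    """Split hostnames into batches that fit under the per-certificate limit."""
    return [hostnames[i:i + max_names] for i in range(0, len(hostnames), max_names)]


def build_certbot_commands(tenants: List[str], base_domain: str,
                           max_names: int = MAX_NAMES_PER_CERT) -> Dict[str, List[str]]:
    """Map each stable certificate name to the argv that (re)issues it.

    --cert-name keeps the lineage stable across runs and --expand lets certbot
    replace the existing certificate when names were added; argv lists avoid
    shell quoting problems entirely. Cert names are a hypothetical scheme.
    """
    commands: Dict[str, List[str]] = {}
    batches = batch_hostnames(tenant_hostnames(tenants, base_domain), max_names)
    for idx, batch in enumerate(batches):
        cert_name = f"tenants-{base_domain}-{idx:03d}"
        argv = ["certbot", "certonly", "--non-interactive", "--expand",
                "--cert-name", cert_name]
        for host in batch:
            argv += ["-d", host]
        commands[cert_name] = argv
    return commands
```

The job would then run each argv with `subprocess.run(argv, check=True)` and, on a removed tenant, the shrunken batch is reissued under the same `--cert-name`.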
