I’m currently running Let’s encrypt to remotely access services on my home server, and it’s working well. My setup is the following : for each service I have set up an A record ‘myapp1.domain.com’ which is accounted for by Let’s encrypt and whose IP is updated by my DDNS client and . So I have in total around 10 A records, each of them has a certificate by Let’s encrypt and each of them is updated by my DDNS client.
So my question comes down to : is it the most efficient setup ? (it certainly does not feel like it is)
Any insight much appreciated, thanks !
an A record doesn't have a certificate. A record: Domain name -> ip address.
If you have 10 subdomains and if you don't use a wildcard A record, you need 10 A records.
That's independent from your certificates.
More important: Do you have 10 Letsencrypt clients? Or one?
Ten subdomains, ten certificates - that's ok. You can create one certificate with 10 domain names, but if you have a working configuration -> use it.
Thanks for the reply ! I had the misconception that a certificate was linked to an A record.
I only have one let’s encrypt client, so I believe it generates a certificate for all of them at once.
Would creating one A record and then 9 CNAMES records pointing to this A record be an option ? (to udpate only one subdomain on the DDNS client side)
That's not relevant.
A domain name must have an ip address. Direct A- or AAAA-record. Or a CNAME, so the A-record of the CNAME value is used.
As Juergen says, nothing in the TLS stack cares whether you have A records, CNAME records, AAAA records, or some other way of connecting a name with an IP address. But as a practical matter, what you describe is probably a better way of going about this--one A record, everything else is a CNAME to that first name, then you only need to update one record when your IP changes.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.