maran
commented
7 years ago Challenges:
At the time of writing Letsencrypt only supports 20 certificates per domain. This results in a few problems.
- Since all domains are currently hard coded to use the bysh.io as top level domain this means that all Connect users as a whole can only request 20 SSL certificates, it's also very hard to keep track of the amount of requests done since it's not done centralised.
The first part could be solved by allowing users to bring in their own domains. However this would still leave the following problem:
- Users can only request SSL for 20 apps, this might be enough but it's hard to tell. When you use multiple connect boxes on the same domain you still might hit a limit. Also when deleting installing apps certificates will have to be updated which also adds to the limit.
We could solve these problems by using more elaborate code that actually aggregates all the requested domains and puts them in a single certificate. The problem is that this does expose all available (sub-)domains as soon as one of them is discovered. I'm not sure this is a good trade-off and it does complicate the code.
It should be possible for routes to also offer https support next to http.