Wildcard HTTPS certificates

[MarekSuchanek]

We have many subdomains for dsw.fairdata.solutions and we want HTTPS for everything. Wildcard certificate(s) are suitable...

• https://en.wikipedia.org/wiki/Wildcard_certificate
• https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html
• https://community.letsencrypt.org/t/wildcard-domain-step-by-step/58250

[MarekSuchanek]

Looks like it uses DNS challenge (which will be a bit bothersome for us since we do not have admin account to our domain 😢)... But we can try... What wildcard certificate we want to have (@janslifka. @vknaisl)? Just *.dsw.fairdata.solutions?

I can try to work on this without breaking the other certs... Also, for the main instance, we might want to use classical certs as now, because those should be seen as more secure. So the *.dsw.fairdata.solutions can be used for "less-important" services, testing/workshop instances, etc., to lower the administration overhead and to fight the rate limits for certificate renewals...

Other options is to have multiple domain names in one single certificate (up to 100). Obviously, this solution needs to know the names before hand unlike wildcard certs.

What should be done?

• Get wildcard *.dsw.fairdata.solutions but use existing single-domain certs for core services (app., api., mail., etc.)
• Get wildcard *.dsw.fairdata.solutions and multi-domain cert for core services (app., api., mail., etc.)
• Get just single-domain and multi-domain certs grouped by instances of the wizard and services
• Nothing, leave it as is (just single-domain, and fight the complexity by using ☕️)

[vknaisl]

I would postpone it now. There will be some changes due to Elixir, GoFair, DSM,.. so I would solve it after all these things will be clear.

[vknaisl]

Moved to Jira: https://ds-wizard.atlassian.net/browse/DSW-86