iflowfor8hours / sandcastle

An opinionated configuration for running sandstorm with a focus on security and paranoid assumptions
MIT License

Sandcats / Let's encrypt certificates #40

Open JamborJan opened 8 years ago

JamborJan commented 8 years ago

I guess the need for a wildcard TLS certificate might be an issue for people getting started with sandcastle. Maybe we can make use of Sandcats, the built-in certificate service in Sandstorm, or a custom-built Let's Encrypt based service to automatically get certificates.

What is your opinion on that?

jacksingleton commented 8 years ago

+1. In our deployment we use our own cert, so we haven't got around to adding support for Sandcats yet.

It would absolutely be useful for a lot of people though -- setup would be a lot simpler with it.

Off the top of my head, I think it would come down to:

JamborJan commented 8 years ago

Thanks for your input Jack, I have some stuff on my todo list. When it is done I will work on that. Please ping me if it gets a higher priority.

joncamfield commented 7 years ago

Any updates on this? (I'd be very interested in seeing a Let's Encrypt solution)

JamborJan commented 7 years ago

Hey @joncamfield,

Unfortunately there is no Let's Encrypt solution possible right now. Let's Encrypt doesn't support wildcard certificates and there are rate limits (20 per week as of today: https://letsencrypt.org/docs/rate-limits/).

The Sandcats solution I proposed is maybe still possible. Unfortunately I don't have any time right now to dig deeper into this. The default setup process of Sandstorm currently supports a fully scripted setup. Maybe it's possible to make use of that.

hubitor commented 4 years ago

Let's Encrypt has supported wildcard certificates since 2018: https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579

Any plans for a new commit, or is the project abandoned?