SpComb
commented
6 years ago It's currently not even possible to use wildcard certificate manually imported certificates as the loadbalancer stack fails with the error: [error] Psych::SyntaxError : (loadbalancer.yml): did not find expected alphabetic or numeric character while scanning an alias at line 16 column 18 Where that line is the subject line of the certificates using the *.domain.tld format.
That's a syntax error in the YAML, try quoting it:
certificates:
subject: "*.example.com"AFAIK wildcard certs should work, that's a separate bug if they do not.
Now that Letsencrypt finally supports wildcard certificates it would be nice to get wildcard support directly to the Kontena loadbalancer.
Not trivial to implement fully automated support for wildcard certs, because LE only issues wildcard certs for dns-01 challenges. We could support kontena certificate authorize --type dns-01 *.example.com if we upgraded to the ACMEv2 API, but that will require manual updating of the DNS TXT records for renewals. Automating dns-01 challenges would require integration with external DNS providers, which is a major task.
OTOH, wildcard certs wouldn't even be strictly necessary if the Kontena LE integration were further improved to make it much easier to deploy new services with new non-wildcard LE certificates: #1791 #2958
mlaitinen
Now that Letsencrypt finally supports wildcard certificates it would be nice to get wildcard support directly to the Kontena loadbalancer. It's currently not even possible to use wildcard certificate manually imported certificates as the loadbalancer stack fails with the error:
[error] Psych::SyntaxError : (loadbalancer.yml): did not find expected alphabetic or numeric character while scanning an alias at line 16 column 18Where that line is the subject line of the certificates using the *.domain.tld format.