Split certificate generation for additional domains from main domains

ferristocrat commented 7 months ago

What is the problem/pain point?

We need to split obtains and renewals for additional domains from main domains in Gateway-MT. Otherwise, the gateway's running is based on the correctness of DNS entries that might have been created by someone else than the gateway's administrator.

Acceptance Criteria

TLS certificates generation for additional domains is separate from main domains
- This should be the case for new certs as well as renewals
There's a well-visible and well-documented configuration that defines what additional and what main domains are

pwilloughby commented 7 months ago

This might be also be a good time to update certmagic. It's not spelled out in the acceptance criteria but missing an additional domain cert should be a warning instead of fatal like missing a main domain cert.

storj-gerrit[bot] commented 6 months ago

Change {pkg/server,pkg/httpserver}: add optional domains for cert generation mentions this issue.

storj / edge

Split certificate generation for additional domains from main domains #395

What is the problem/pain point?

Acceptance Criteria