Wildcard certificates

[cyberb]

We need to implement certbot's wildcard certificate support.

This will remove the need for http port 80 availability as it uses txt dns record verification mode. It will be only available for syncloud.it domains as we control the dns.

Custom domains will still have to use http verification mode as we do not control the dns.

[Tizona1]

Hi Cyberb, is there an ETA for this implementation? After it is implemented, can I disable the port forward rule for "80". Thanks Chris

[cyberb]

At the moment I am busy with backup/restore feature, so it will be after that, it may take couple of months unless someone is willing to help.

Yes, it will remove the need for port 80 mapping for syncloud it domains.

[cyberb]

By the way you do not need port 80 mapping all the time just before the certificate expiration.

[Tizona1]

Thank you! Had I the expertise you would have had a volunteer.

[cyberb]

Implementation is done just testing various cases.

[cyberb]

Released

[dumblob]

It will be only available for syncloud.it domains as we control the dns.

Hm, why? Everybody who sets up their custom domain (buys it) has by definition control over their DNS.

This is actually the second biggest reason to run own email/... server. Namely to have full control over DNS.

Is the wildcard support really only available (hard-coded so to say) for syncloud.it domains?

[cyberb]

wildcard support is available for personal domain on premium yes, the original comment was made on 2018 :)

[cyberb]

https://github.com/syncloud/platform/wiki/Premium

[dumblob]

Please refer to https://github.com/syncloud/platform/issues/583#issuecomment-1407090332 for explanation why this should not be part of premium if one wants an email server (with non-email services this is OK and can stay premium).