sandcastle
Sandcats / Let's Encrypt certificates
I guess the need for a wildcard TLS certificate might be an issue for people getting started with sandcastle. Maybe we can make use of sandcats, the built-in certificate service in Sandstorm, or a custom-built Let's Encrypt based service to automatically get certificates.
What is your opinion on that?
+1. In our deployment we use our own cert, so we haven't got around to adding support for sandcats yet.
It would absolutely be useful for a lot of people though -- setup would be a lot simpler with it.
Off the top of my head, I think it would come down to:
- [ ] add `sandcats` boolean config item
- [ ] don't install/configure nginx if `sandcats == true`
- [ ] figure out registration (can sandcats registration be scripted?)
- [ ] write a bit of key mgmt code to upload the sandcats key to the server
- [ ] and possibly download it if we generate it on the server
Thanks for your input Jack, I have some stuff on my todo list. When it is done I will work on that. Please ping me if it gets a higher priority.
Any updates on this? (I'd be very interested in seeing a Let's Encrypt solution)
Hey @joncamfield,
Unfortunately there is no Let's Encrypt solution possible right now. Let's Encrypt doesn't support wildcard certificates and there are rate limits (20 per week as of today: https://letsencrypt.org/docs/rate-limits/).
The Sandcats solution I proposed is maybe still possible. Unfortunately I don't have any time right now to dig deeper into this. The default setup process of Sandstorm currently supports a fully scripted setup. Maybe it's possible to make use of that.
Let's Encrypt has supported wildcard certificates since 2018: https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579
Any plans for a new commit, or is the project abandoned?