modoboa-installer

Wildcard certificates

Open nickdbush opened this issue 6 years ago • 8 comments

Does/will modoboa-installer support Let's Encrypt wildcard certificates? This would make provisioning the rest of the server easier as we only have to deal with the one certificate. I love the project, and it makes setting up my email a breeze, for which I will be forever indebted!

nickdbush avatar Sep 13 '18 16:09 nickdbush

I don't think it should be too complicated to introduce wildcard certificate support but it would be linked to the created nginx virtualhost... Can you explain your idea a bit more please?

tonioo avatar Sep 14 '18 12:09 tonioo

@nickdbush ping

tonioo avatar Oct 01 '18 11:10 tonioo

So I wanted to host Nextcloud on the same server, so I had to manually recreate the SSL certificate with more domain names. However, now that Let's Encrypt offers wildcard certificates, we could produce a certificate for the entire domain when installing modoboa.

nickdbush avatar Oct 01 '18 11:10 nickdbush

Ok I understand.

tonioo avatar Oct 01 '18 11:10 tonioo

I just implemented that using DNS-01 / dns-rfc2136 method with bind9 on Ubuntu 18.04. To make it work, the right version of certbot should be on the system (certbot-dns-rfc2136), and bind9 configured to allow updates with grant update to a tsig key. At this time it's a mix of custom ansible scripts that install bind9 and modified modoboa-installer script that does next to nothing as the ansible script did most of the work. In its current state it's a bit ugly. @tonioo if you agree to give guidance I can tidy it a bit and do a pull request.

rolandf avatar Jan 07 '20 23:01 rolandf
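
The DNS-01 / dns-rfc2136 setup described in the comment above, as an added example (not rolandf's Ansible scripts and not modoboa-installer code). It scopes the TSIG key to the single `_acme-challenge` TXT record and keeps the certbot credentials file owner-readable only; the zone, key name, server address, paths and secret are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: least-privilege DNS-01 (RFC 2136) setup for a wildcard certificate.
# Zone, key name, server IP, paths and secret are placeholders, not values from the thread.
set -eu

# BIND9 side: a TSIG key plus an update-policy that lets this key modify only
# the TXT record at _acme-challenge.<zone>, not the rest of the zone.
render_named_conf() {  # args: zone key_name secret
  cat <<EOF
key "$2" {
    algorithm hmac-sha512;
    secret "$3";
};
zone "$1" {
    type master;
    file "/var/lib/bind/db.$1";
    update-policy {
        grant $2 name _acme-challenge.$1. txt;
    };
};
EOF
}

# certbot-dns-rfc2136 credentials file, created fresh with mode 0600.
write_credentials() {  # args: path server key_name secret
  rm -f "$1"
  ( umask 077; cat > "$1" <<EOF
dns_rfc2136_server = $2
dns_rfc2136_port = 53
dns_rfc2136_name = $3
dns_rfc2136_secret = $4
dns_rfc2136_algorithm = HMAC-SHA512
EOF
  )
}

# certbot invocation for the apex plus wildcard; printed, not executed.
certbot_command() {  # args: zone credentials_path
  printf "certbot certonly --dns-rfc2136 --dns-rfc2136-credentials %s -d %s -d '*.%s'\n" "$2" "$1" "$1"
}

# Demo with constructed values (a real secret would come from e.g. tsig-keygen).
render_named_conf example.com acme-key PLACEHOLDER_BASE64_SECRET
certbot_command example.com /etc/letsencrypt/rfc2136.ini
```

Both the apex and the wildcard name validate through the same `_acme-challenge.example.com` TXT record, so the single `grant` line is sufficient for this certificate.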

@rolandf I think it's a different subject. If I understand well, what you propose is to add support for DNS zone management to the installer?

tonioo avatar Jan 13 '20 08:01 tonioo

@tonioo I reflected a bit more and I think that there may be too many ways of thinking about how to deploy the DNS. Maybe a middle ground would be to have 3 options for modoboa-installer (1 - self signed, 2 - Let's Encrypt, 3 - It has already been taken care of, please use following certificate).

rolandf avatar Jan 13 '20 13:01 rolandf

> I just implemented that using DNS-01 / dns-rfc2136 method with bind9 on Ubuntu 18.04. To make it work, the right version of certbot should be on the system (certbot-dns-rfc2136), and bind9 configured to allow updates with grant update to a tsig key. At this time it's a mix of custom ansible scripts that install bind9 and modified modoboa-installer script that does next to nothing as the ansible script did most of the work. In its current state it's a bit ugly. @tonioo if you agree to give guidance I can tidy it a bit and do a pull request.

Sorry, I know this is an old topic, but is this available anywhere?

Dragnell87 avatar Sep 02 '21 23:09 Dragnell87