zoraxy
[QUESTION] Wildcard Let's Encrypt certificate
Just one question: how to do that? Let's Encrypt with a wildcard? Because if I configure it to create one certificate per domain/subdomain, I receive the block message from ACME because of too many requests .... (I am migrating from NPM to zoraxy to test the zoraxy solution)
I only know that you can create a cert containing multiple subdomains but I never tried using a wildcard. I guess the ACME module maintainer @yeungalan might be able to help you with that.
Ok, I used this on NPM with OVH DNS and it works well :)
Is it possible to use zoraxy to create a certificate with multiple domain names? How to do that?
With this section?
Do you mean multiple domains or subdomains? If you want one cert for all your domains, upload them to the Default Certificate section here.
Otherwise, you can use comma separated subdomains to generate new certificates, like
s1.example.com,s2.example.com
Ok, I tested adding multiple subdomains and certificate generation is OK:
but when I test adding a new subdomain on zoraxy, how can I tell zoraxy to use this multi-subdomain certificate?
Can't you just use *.yourdomain.com for LetsEncrypt?
I have wildcard certs for multiple domains from my provider; Zoraxy picks the right one automatically.
sub.domain1.com uses cert 1, sub.domain2.com uses cert 2.
No need to set something on this end. The cert only needs to exist
Uncheck "Requires TLS" and "Skip Verification" on your subdomain proxy. It works without these.
When I test adding *.domain.com in "acme-tool" I receive the error:
and nslookup:
The wildcard is configured on OVH:
| Name | TTL | Type | Value |
|---|---|---|---|
| *.wxxxxxxxx.fr. | 0 | A | 1xx.xxx.xxx.70 |
Maybe I don't understand how to configure it .... :(
It would actually be simpler to have a wildcard certificate, but I can't understand how to do it with zoraxy.
Try this in OVH:
* 0 A 1xx.xxx.xxx.70
This is already what is configured:
Remove the Dot . at the beginning of your domain
It's not possible in the OVH GUI, but in plain text this is the configuration:
I had no time yesterday, but today I tested LetsEncrypt with a wildcard on my domain. I can confirm your bug in Zoraxy. It is not from OVH's side.
Please be patient for a bugfix. You can use multiple SSL providers as a workaround. Some certs from LetsEncrypt for your subdomains, Buypass and ZeroSSL for other subdomains. Buypass and ZeroSSL are European SSL providers; they give free certs too, exactly like LetsEncrypt from America.
Ok, no problem, I thought I was doing something wrong ;) I'll test with ZeroSSL :)
Any news?
Any news on resolving this problem? @Morethanevil
@barto95100 You might try to ping the author of the ACME module @yeungalan or another contributor @daluntw. In my opinion, the lego library (which itself supports the DNS-01 / wildcard certificate challenge) was already used in Zoraxy, so I don't think it would be difficult to add support for the DNS-01 challenge. I guess the reason that this is still not implemented is mostly due to little incentive from contributors, and I am too busy to help.
Excuse me if I pinged the wrong user... :( my bad
If the DNS challenge can generate the wildcard, it would be appreciated because, in my case and others (most people in my entourage are testing zoraxy now), we have multiple subdomains, and with the Let's Encrypt limitation on generating certificates it's a problem because it's necessary to wait 3 hours to add a new certificate; with a wildcard there is no problem, coming soon
My workaround is to use certbot directly to generate the wildcard and configure ln -s to add the files from the Let's Encrypt certbot to zoraxy.
Hi @barto95100, I succeeded in using a wildcard SSL certificate by generating it with Nginx Proxy Manager (DNS challenge with OVH) and importing it into the "Hosts Certificates" section. Seems to work! PS: you don't have to generate a new SSL certificate each time you create a new Proxy Rule.
Yes, I use certbot directly to generate the certificate with the OVH API and create a symbolic link, and it works perfectly.
I'm testing, and I want to create a docker image for that.
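The certbot-plus-symlink workaround described in the two comments above, written out as an added example (this is not code from the thread, the linked repo, or the Zoraxy project). It assumes certbot with the certbot-dns-ovh plugin is installed, that the OVH API credentials sit in an ini file, and that Zoraxy loads `<name>.pem` / `<name>.key` pairs from a certificate directory, which `ZORAXY_CERT_DIR` stands in for as a placeholder. The lego invocation is included as the equivalent request with the library Zoraxy's ACME module builds on; the demonstration at the end runs offline on constructed placeholder files.

```shell
#!/bin/sh
# Added example, not code from the thread or the Zoraxy project.
# Obtain an apex + wildcard certificate with certbot's OVH DNS-01 plugin, then
# symlink certbot's live files into the directory Zoraxy loads certificates from.
# ASSUMPTIONS (not stated in the thread):
#   - Zoraxy loads <name>.pem / <name>.key pairs from one certificate directory;
#     ZORAXY_CERT_DIR below is a placeholder for that path.
#   - OVH API credentials are in an ini file readable only by root.

# Print the certbot command that requests apex + wildcard in one certificate.
# Nothing is executed here, so the command can be reviewed before running it.
certbot_wildcard_cmd() {
  domain="$1"; creds="$2"; email="$3"
  printf "certbot certonly --dns-ovh --dns-ovh-credentials '%s' --dns-ovh-propagation-seconds 60 -d '%s' -d '*.%s' --email '%s' --agree-tos --non-interactive" \
    "$creds" "$domain" "$domain" "$email"
}

# Same request via the lego CLI; lego reads the OVH credentials from
# environment variables rather than a credentials file.
lego_wildcard_cmd() {
  domain="$1"; email="$2"
  printf "lego --email '%s' --dns ovh --domains '%s' --domains '*.%s' run" \
    "$email" "$domain" "$domain"
}

# Link certbot's live/<domain>/ files into Zoraxy's cert directory.
# certbot keeps the live/ paths stable across renewals (they point into
# archive/), so the symlinks keep serving the newest certificate after
# 'certbot renew'. Returns 1 without touching anything if a file is missing.
link_cert_into_zoraxy() {
  domain="$1"; live_dir="$2"; cert_dir="$3"
  [ -f "$live_dir/fullchain.pem" ] && [ -f "$live_dir/privkey.pem" ] || return 1
  mkdir -p "$cert_dir"
  ln -sfn "$live_dir/fullchain.pem" "$cert_dir/$domain.pem"
  ln -sfn "$live_dir/privkey.pem"   "$cert_dir/$domain.key"
}

# Offline demonstration with constructed placeholder files (no certbot needed).
demo_dir="$(mktemp -d)"
mkdir -p "$demo_dir/live/example.com"
printf '%s\n' 'constructed fullchain placeholder' > "$demo_dir/live/example.com/fullchain.pem"
printf '%s\n' 'constructed privkey placeholder'   > "$demo_dir/live/example.com/privkey.pem"
echo "Would run: $(certbot_wildcard_cmd example.com /root/.secrets/ovh.ini admin@example.com)"
echo "Or:        $(lego_wildcard_cmd example.com admin@example.com)"
link_cert_into_zoraxy example.com "$demo_dir/live/example.com" "$demo_dir/ZORAXY_CERT_DIR" \
  && ls -l "$demo_dir/ZORAXY_CERT_DIR"
rm -rf "$demo_dir"
```

The symlink step is deliberately refused when either file is absent, so a failed or not-yet-run certbot request cannot leave Zoraxy with a dangling `.pem` or `.key` link. Because the links point at certbot's stable `live/` paths, a plain `certbot renew` keeps Zoraxy serving the renewed certificate without re-running the link step.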
You can integrate LEGO cert with Zoraxy to achieve that https://github.com/go-acme/lego
@nicomda Thanks for the tips. I already mentioned the use of LEGO in this thread, but it seems no contributor wants to pick it up. I would have added that myself if I were not busy with my master's thesis. If anyone wants to integrate this feature and doesn't know where to start, please feel free to PM me :)
Just for information, I finished the image with zoraxy and Certbot, and it works perfectly :)
The repo : https://github.com/barto95100/zoraxy
I'm not a developer and it's not possible for me to help with lego :(
I succeeded in using a wildcard SSL certificate by generating it with Nginx Proxy Manager (DNS challenge with OVH) and importing it into the "Hosts Certificates" section. Seems to work!
Yeah... works for 90 Days.... well good enough for now.
btw, ZeroSSL supports wildcard domains only on the $50/month plan.
The free Go SSL certificates from Buypass CA doesn’t allow wildcard. It doesn’t mean wildcard isn’t supported at all. Wildcard is a paid product from Buypass CA.
Yes, it's necessary to wait for the Let's Encrypt DNS challenge to be added to zoraxy +1
+1 to have DNS01 support on Zoraxy
Great work guys
Fyi I think this is covered by the following issue https://github.com/tobychui/zoraxy/issues/49
Feature added in release v3.0.4
Still get the "could not determine solvers" issue with 3.0.9. Any tips for LetsEncrypt and wildcards?
Make sure you have no custom DNS like Pihole in your system that blocks some of the required DNS queries and you got the correct API keys for your DNS provider.
Error: one or more domains had a problem: [*.domain.tld] [*.domain.tld] acme: error presenting token: godaddy: no subdomain because the domain and the zone are identical: domain.tld.
That's a DNS issue from GoDaddy's side? Wrong config?
