Comments (7)
jonathan-sturges
commented on August 11, 2024
Limitations/comments:
- Let's Encrypt only allows 50 per domain, per day. Use wildcard certs?
- Need control of DNS for domain
from redhatgov.workshops.
calvingsmith
commented on August 11, 2024
Could we get wildcard SSL cert to match *.redhatgov.io ?
…On Wed, Aug 12, 2020 at 2:33 PM jonathan-sturges ***@***.***> wrote:
Limitations/comments:
- Let's Encrypt only allows 50 per domain, per day.
- Need control of DNS for domain
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#104 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABAV4GTBXEQBY7E4YLZDAQ3SALN75ANCNFSM4PU3Y5HQ>
.
--
Calvin Smith | Senior Solutions Architect
Public Sector Division | Red Hat
[email protected]
RED HAT | TRIED. TESTED. TRUSTED.
Every single executive department in the U.S. federal government runs Red
Hat in their datacenters.
Find out why at Trusted | Red Hat <http://www.redhat.com/en/about/trusted>
from redhatgov.workshops.
dmc5179
commented on August 11, 2024
Wildcard cert on *.redhatgov.io would probably be too broad. The pattern for DNS names in the workshop should probably be updated and then a wildcard used. If the name of the workshop is "mycompany" then I get hosts called:
- mycompany.node.#.redhatgov.io
- mycompany.tower.#.redhatgov.io
It is a weird naming convention by itself but for wildcard certs we could just switch it to make the company name a subdomain like:
- node.#.mycompany.redhatgov.io
- tower.#.mycompany.redhatgov.io
The wildcard cert can then be issued on *.mycompany.redhatgov.io
The naming convention is also much easier to understand IMHO.
from redhatgov.workshops.
mshoger
commented on August 11, 2024
Just ran a RHEL8 workshop where this was an issue. Several students from corporate networks that don't allow invalid certs. Letsencrypt would be a great way to mitigate this.
from redhatgov.workshops.
jonathan-sturges
commented on August 11, 2024
Wildcard cert on *.redhatgov.io would probably be too broad. The pattern for DNS names in the workshop should probably be updated and then a wildcard used. If the name of the workshop is "mycompany" then I get hosts called:
- mycompany.node.#.redhatgov.io
- mycompany.tower.#.redhatgov.io
It is a weird naming convention by itself but for wildcard certs we could just switch it to make the company name a subdomain like:
- node.#.mycompany.redhatgov.io
- tower.#.mycompany.redhatgov.io
The wildcard cert can then be issued on *.mycompany.redhatgov.io
The naming convention is also much easier to understand IMHO.
I like this approach, and it looks like it should be compatible with this module for per-host certs. That would make deployment pretty seamless for smaller workshops straight up, but we'd have to test if it also works for wildcard certs.
from redhatgov.workshops.
jonathan-sturges
commented on August 11, 2024
I think this approach continues to have merit.
If we create per-workshop sub-domains, we should be able to use a DNS-01 challenge from Let's Encrypt to get a wildcard cert.
ref: https://letsencrypt.org/docs/challenge-types/
I'll work on testing this out.
from redhatgov.workshops.
ajacocks
commented on August 11, 2024
Closed by #166
from redhatgov.workshops.
Related Issues (20)
- Fix rhel workshop to allow use of cloud access for RHEL 8
- Documentation updates for rhel_aws workshop
- 2_load.yml playbook execution failing for rhel_aws workshop due to undefined variable
- 2_load.yml playbook for rhel_aws workshop consistently hangs on task TASK [graphical : Install GUI components and Xrdp build reqs on RHEL 8]
- Documentation error for RHEL workshop
- yum update failing for RHEL workshop when RHEL version is 8.3
- Ansible workshop deployment with Cloud Access fails to add Ansible repos due to lack of subscription
- Web terminal appears to wrap after 80 characters HOT 3
- RHEL8 workshop Integrate container into systemd fails HOT 4
- bash-completion package not installed on RHEL 8 hosts HOT 2
- Rhel
- The STIG Now Requires SELinux User Assignments HOT 1
- RHEL 8 AWS workshop: Change to use of aws.create role breaks deployment in region ap-southeast 2 HOT 3
- SELinux workshop - clarify sudo use in typed steps
- SELinux workshop - clarify editing process, indicate vi or other
- AWS RHEL workshop provisioning failing at TASK [acme.sh to issue certs with session token] HOT 5
- Deprecated - community.kubernetes.k8s - replace with kubernetes.core.k8s in playbooks and roles
- RHEL_AWS: RHEL and Windows AMI names have changed
- RHEL_AWS: " enable auto-selection of RHEL and Windows AMIs" breaks RHEL 8 workshop deployment
- RHEL_AWS: Certificate installation failing HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from redhatgov.workshops.