Mailcow-dockerized: Let's encrypt wildcard with cloudflare dns validation

Created on 29 Jan 2019 · 12Comments · Source: mailcow/mailcow-dockerized

Hi,
Any plan to support wildcard certificate validation with cloudflare certbot plugin?
Would be very nice and useful to validate certificates using dns instead of webserver root. In my case I have a reverse proxy in front of all infrastructure, I have to pass specific locations to validate certificates, instead with dns validation I wouldn't have to expose specific routes.

Thanks

enhancement

Source

samuelebistoletti

👍2

Most helpful comment

Yes, but no eta. :-(

andryyy on 29 Jan 2019

🎉2

All 12 comments

Yes, but no eta. :-(

andryyy on 29 Jan 2019

🎉2

+1 for this! will be very helpful

itsbhanusharma on 29 Jan 2019

+1 for this!

germanosbh on 30 Jan 2019

maybe I'm wrong one, but if you use acme.sh can't you simply request the certs and have the reverseproxy in front?
acme.sh supports cloudflare as well as most of the other providers

bprfh on 30 Jan 2019

Sure. With a RP in front of mailcow, you can do whatever you want. Just copy the certs in a post-hook to data/assets/ssl.

andryyy on 30 Jan 2019

+1 for this! Would be hella useful!

JustAB0x on 31 Jan 2019

And when using multiple domains from different providers?

I don’t think it is that useful. Just use a rp, maybe even HAProxy in front of it. :)

Will give it a try with our Servercow API.

andryyy on 31 Jan 2019

Added a bounty: https://www.bountysource.com/issues/69319873-let-s-encrypt-wildcard-with-cloudflare-dns-validation

greenmoss on 15 Sep 2019

Well first the whole LE step needs to be modified to actually support DNS-01 validation

MAGICCC on 15 Sep 2019

🚀1

I don't have capacity to do the mailcow integration, but adferrand/docker-letsencrypt-dns works great, taking advantage of the (Python) lexicon library/tool to support a variety of DNS providers.

I'm using it on another node that runs my family & friends websites (similar to how mailcow runs the mail).