 
dksoft
Member Candidate
Topic Author
Posts: 148
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Howto use Let's Encrypt command on 7.1rc2?

Sun Sep 05, 2021 2:22 pm

Using the new Let's Encrypt command creates a certificate like "letsencrypt-autogen_2021-09-03T09:39:38Z".

Do I need to set up a schedule in order to renew it after 60 days?
The certificate is renamed after each renewal. Can I rename it to something constant, so it's easier to integrate into the services?
Is there support for creating a wildcard-certificate?
 
mkx
Forum Guru
Posts: 11438
Joined: Thu Mar 03, 2016 10:23 pm

Re: Howto use Let's Encrypt command on 7.1rc2?

Sun Sep 05, 2021 3:43 pm

Is there support for creating a wildcard-certificate?

Let's Encrypt doesn't support wildcard certificates; it only supports SAN (Subject Alternative Name), which includes explicitly requested server names ... but each of them separately has to pass whichever verification is chosen (usually it's a challenge-response exchange over HTTP).
 
biomesh
Long time Member
Posts: 561
Joined: Fri Feb 10, 2012 8:25 pm

Re: Howto use Let's Encrypt command on 7.1rc2?

Sun Sep 05, 2021 4:23 pm

LE has supported wildcard certs for years:

https://community.letsencrypt.org/t/acm ... ards/55578
 
msatter
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Howto use Let's Encrypt command on 7.1rc2?

Sun Sep 05, 2021 5:37 pm

Indeed, I have been using wildcard for years, and you need a verification DNS server to be able to use it.

"wildcard identifiers must be validated by a DNS-01 challenge"
 
mkx
Forum Guru
Posts: 11438
Joined: Thu Mar 03, 2016 10:23 pm

Re: Howto use Let's Encrypt command on 7.1rc2?

Sun Sep 05, 2021 6:33 pm

I stand corrected.

I have my own view on the feasibility of using any challenge other than HTTP-01 for most of the general public, which makes the procedure to get a wildcard certificate impractical to me. In addition, there are a number of security implications when using wildcard certificates. If one needs certificates for systems not accessible from the internet, one can easily issue self-signed certificates ...
 
nescafe2002
Forum Veteran
Posts: 897
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: Howto use Let's Encrypt command on 7.1rc2?

Sun Sep 05, 2021 6:40 pm

One big advantage of wildcard certificates is that your hostname is not leaked to the public via certificate transparency.

I once generated a certificate on the synology.me domain, the host was then listed on crt.sh and the number of login attempts from all over the world exploded.

If you create a wildcard domain you can at least use it to protect host.domain.tld without exposing the hostname via cert. transparency.
 
msatter
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Howto use Let's Encrypt command on 7.1rc2?

Sun Sep 05, 2021 7:03 pm

I think that the word "synology" was the trigger for the many login attempts.
