[GH-ISSUE #36] LE wildcard certs #31

Closed
opened 2026-02-26 05:33:16 +03:00 by kerem · 9 comments

Originally created by @ZeroInputCtrl on GitHub (Dec 13, 2018).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/36

Does this container support using wildcards for the LE certs? Can it do the DNS challenge for Google? I looked through the images for the LE interfaces but I don't see anything that would allow this.

@jc21 commented on GitHub (Dec 13, 2018):

Unfortunately no. Because LE wildcards require DNS setups, I don't bother supporting them in this project. You can specify multiple domains for a single LE certificate however.

@ZataH commented on GitHub (Dec 21, 2018):

Will you support it at some point?

@koshia commented on GitHub (Dec 30, 2018):

I would like to +1 on this request; however low priority. @jc21 I do agree it lets you add multiple domains/sub-domains, but I believe you are still limited to 10 per 90 days, iirc. I'm already @ 8 subdomains and can see adding another 4-6 in the future.

@jc21 commented on GitHub (Jan 3, 2019):

The project's initial goal was to let beginners create SSL reverse proxies. Using LE wildcards requires that the app force users to leave it, add entries to DNS, then come back and finish any setup. At this point, it doesn't feel "simple" and as such, very low priority for me.

@ZeroInputCtrl commented on GitHub (Jan 3, 2019):

That's true if you want to arbitrarily use wildcard certs. I use https://hub.docker.com/r/linuxserver/letsencrypt/ with the Google plugin. You give the credentials, it passes those through to certbot and uses these scripts https://github.com/certbot/certbot/tree/master/certbot-dns-google to automatically create and destroy DNS records in order to do DNS validation for the wildcard certs. Maybe just the sites that have scripts to do these automatic records would be a good start?

@jc21 commented on GitHub (Jan 3, 2019):

Yeah that's an interesting point. Supporting AWS and Google Cloud to begin with might be easiest. As long as the user understands the security implications of saving their service credentials and the UI process is simple.

@vrelk commented on GitHub (May 6, 2019):

Take a look at this project, either for collaboration or inspiration.

https://github.com/Neilpang/acme.sh

@jc21 commented on GitHub (May 8, 2019):

Refer to #85 and #120.

@toxic0berliner commented on GitHub (Aug 30, 2020):

Sadly, neither #85 nor #120 enable support for LE wildcard certificate.
I'd be very interested to have the GUI to do this in nginx-proxy-manager, for the time being I cannot request any certificate for *.example.com since the UI doesn't let me, I've also seen some JavaScript alert message somewhere explicitly telling me it doesn't support it....
Any luck of reopening the issue and implementing it now that DNS challenge seems to be working?
