[libre-riscv-dev] [Bug 182] Move to libre-soc.org

bugzilla-daemon at libre-riscv.org bugzilla-daemon at libre-riscv.org
Tue Feb 18 14:46:44 GMT 2020


--- Comment #20 from vklr at vkten.in <vklr at vkten.in> ---
(In reply to Jacob Lifshay from comment #19)
> (In reply to vklr at vkten.in from comment #17)
> > Certificates have a thing called SAN (Subject Alternative Name).
> > Multiple SAN's can be specified for a single certificate.
> > Which allows many subdomains to be specified in a single certificate.
> > E.g. example.com, a.example.com, b.example.com, m.a.example.com,
> > t.b.example.com
> Assuming SAN works cross-domain, we should use the same cert for both
> libre-soc.org and libre-riscv.org as well as their subdomains since they're
> all on the same server.

Yes. SANS works cross-domain. But if we need to add a new subdomain to the
certificate, a new certificate has to be made. We have to apply the new one
to all services which require a TLS/SSL Certificate. If automated it is hassle
free. There is a nginx plugin but it is not safe. Webroot plugin is safer. It
generates a certificate in a directory, and we have to copy it to required
final place. In certbot example, it needs a two web root directories for two
base cross-domains but not needed for subdomains. So we need to setup at least
2 vhosts in nginx; one for libre-soc and one for libre-riscv.org.
There are also limits on renewals.

<link https://certbot.eff.org/docs/using.html>
<link https://letsencrypt.org/docs/rate-limits/>

You are receiving this mail because:
You are on the CC list for the bug.

More information about the libre-riscv-dev mailing list