[libre-riscv-dev] [Bug 182] Move to libre-soc.org
bugzilla-daemon at libre-riscv.org
bugzilla-daemon at libre-riscv.org
Tue Feb 18 14:46:44 GMT 2020
http://bugs.libre-riscv.org/show_bug.cgi?id=182
--- Comment #20 from vklr at vkten.in <vklr at vkten.in> ---
(In reply to Jacob Lifshay from comment #19)
> (In reply to vklr at vkten.in from comment #17)
> > Certificates have a thing called SAN (Subject Alternative Name).
> > Multiple SAN's can be specified for a single certificate.
> > Which allows many subdomains to be specified in a single certificate.
> > E.g. example.com, a.example.com, b.example.com, m.a.example.com,
> > t.b.example.com
>
> Assuming SAN works cross-domain, we should use the same cert for both
> libre-soc.org and libre-riscv.org as well as their subdomains since they're
> all on the same server.
Yes. SANS works cross-domain. But if we need to add a new subdomain to the
certificate, a new certificate has to be made. We have to apply the new one
to all services which require a TLS/SSL Certificate. If automated it is hassle
free. There is a nginx plugin but it is not safe. Webroot plugin is safer. It
generates a certificate in a directory, and we have to copy it to required
final place. In certbot example, it needs a two web root directories for two
base cross-domains but not needed for subdomains. So we need to setup at least
2 vhosts in nginx; one for libre-soc and one for libre-riscv.org.
There are also limits on renewals.
<link https://certbot.eff.org/docs/using.html>
<link https://letsencrypt.org/docs/rate-limits/>
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the libre-riscv-dev
mailing list