storj/edge

Split certificate generation for additional domains from main domains

Closed this issue · 2 comments

What is the problem/pain point?

We need to split obtains and renewals for additional domains from main domains in Gateway-MT. Otherwise, the gateway's running is based on the correctness of DNS entries that might have been created by someone other than the gateway's administrator.

Acceptance Criteria

  • TLS certificate generation for additional domains is separate from main domains
    • This should be the case for new certs as well as renewals
  • There's a well-visible and well-documented configuration that defines what additional and what main domains are

This might also be a good time to update certmagic. It's not spelled out in the acceptance criteria, but missing an additional domain cert should be a warning instead of fatal like missing a main domain cert.
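A sketch of the failure policy requested above, added here as an illustration and not code from storj/edge or certmagic: main domains are obtained as one unit whose failure is fatal, while each additional domain is obtained on its own and only produces a warning. `ObtainFunc`, `DomainConfig`, `Provision` and `fakeObtain` are hypothetical names, the ACME call is stubbed, and the domain names are constructed.

```go
package main

import (
	"context"
	"fmt"
	"log"
	"strings"
)

// ObtainFunc is a hypothetical stand-in for the ACME obtain/renew call.
type ObtainFunc func(ctx context.Context, domains []string) error

// DomainConfig is a hypothetical config shape that makes the split explicit.
type DomainConfig struct {
	Main       []string // administered by the gateway operator; failure is fatal
	Additional []string // DNS may belong to someone else; failure is a warning
}

// Provision obtains main domains as one fatal unit, then each additional domain
// in its own request so that one broken DNS entry cannot block the others.
func Provision(ctx context.Context, cfg DomainConfig, obtain ObtainFunc) ([]error, error) {
	if err := obtain(ctx, cfg.Main); err != nil {
		return nil, fmt.Errorf("main domains: %w", err)
	}
	var warnings []error
	for _, d := range cfg.Additional {
		if err := obtain(ctx, []string{d}); err != nil {
			warnings = append(warnings, fmt.Errorf("additional domain %s: %w", d, err))
		}
	}
	return warnings, nil
}

// fakeObtain is a constructed stub: names ending in ".invalid" fail validation.
func fakeObtain(_ context.Context, domains []string) error {
	for _, d := range domains {
		if strings.HasSuffix(d, ".invalid") {
			return fmt.Errorf("validation failed for %s", d)
		}
	}
	return nil
}

func main() {
	cfg := DomainConfig{Main: []string{"gateway.example.test"}, Additional: []string{"a.example.test", "b.invalid"}}
	warnings, err := Provision(context.Background(), cfg, fakeObtain)
	if err != nil {
		log.Fatal(err) // only a main-domain failure stops startup
	}
	log.Printf("started with %d warning(s): %v", len(warnings), warnings)
}
```

The same split applies to renewals: a renewal loop would call the obtain function with the same grouping and treat errors the same way.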