I’m not even sure this title makes sense. I’m looking to handle LE certificates in cloudflare automatically. Specifically multi level subdomains.

You can hand off subdomain certs to them for single level, but the moment you want multi level you need to manage the certs yourself.

What I’m hoping for is an open source tool that is meant to handle certain requests and distribution. I just don’t know if such a tool even exists, and searching around hasn’t yielded results.

Does anyone have any thoughts?

  • iggy@lemmy.world · 12 days ago

    This isn’t a cloudflare limitation. It’s a TLS limitation. It was a conscious decision not to support multi-level wildcards. You won’t find a service that supports it. Most people get around this by just not using TLS certs like this. You can encode your multi-level name spacing in 1 level. So instead of something like svc1.svcgroup.dev.domain.org, you can do it like svcgroup-svc1.dev.domain.org.

    Never heard of a tool to get around this TLS limitation. There are tools that manage lots of certs (cert-manager in k8s comes to mind). If you had a more concrete example it might help people to suggest solutions.
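    The single-label wildcard rule described above, as an added example that is not part of the thread: a small matcher that applies the usual TLS-library rules for certificate names (wildcard only as the whole leftmost label, matching exactly one label) and shows that `*.dev.domain.org` covers `svcgroup-svc1.dev.domain.org` but not `svc1.svcgroup.dev.domain.org`. The hostnames are the ones from the comment; partial wildcards such as `s*.dev.domain.org` are simply refused here.

```python
"""Certificate wildcard matching, in the spirit of RFC 6125 section 6.4.3.

Added example for the thread, not code from any project.  It demonstrates why
one wildcard certificate covers a single label only and why flattening
"svc1.svcgroup" into "svcgroup-svc1" brings a name back under *.dev.domain.org.
"""


def _labels(name: str) -> list:
    """Lowercase, drop a trailing dot, split into DNS labels."""
    return name.lower().rstrip(".").split(".")


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`.

    Rules applied (the conservative behaviour shared by browsers and most
    TLS libraries):
      * without a wildcard the names must be identical (case-insensitive);
      * a wildcard must be the entire leftmost label ("*.dev.domain.org");
        partial forms such as "s*.dev.domain.org" are refused here;
      * the wildcard replaces exactly one label, never zero, never several;
      * patterns with fewer than two labels after the "*" (e.g. "*.org")
        are refused as too broad.
    """
    p = _labels(pattern)
    h = _labels(hostname)
    if "*" not in pattern:
        return p == h
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False  # wildcard only as the whole leftmost label
    if len(p) < 3:
        return False  # "*.org" style pattern: refuse
    # Exactly one label stands in for "*", everything to the right must match.
    return len(h) == len(p) and h[0] != "" and h[1:] == p[1:]


def coverage_report(pattern: str, hosts: list) -> dict:
    """Map each hostname to whether `pattern` would cover it."""
    return {host: hostname_matches(pattern, host) for host in hosts}


if __name__ == "__main__":
    # Constructed hostnames taken from the comment above.
    candidates = [
        "svc1.dev.domain.org",
        "svcgroup-svc1.dev.domain.org",   # flattened naming: covered
        "svc1.svcgroup.dev.domain.org",   # two levels under the wildcard: not covered
        "dev.domain.org",                 # wildcard must match one label, not zero
    ]
    for host, covered in coverage_report("*.dev.domain.org", candidates).items():
        print(f"{host:35} {'covered' if covered else 'NOT covered'}")
```

    Run it directly and it prints which of the four names fall under `*.dev.domain.org`; the last two are the cases the comment is describing.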

    • KairuByte@lemmy.dbzer0.com (OP) · edited · 12 days ago

      I’d be fine with individual certs. The issue I’m running into is that a cloudflare proxy record requires a cert for that multi level subdomain, and they won’t handle that cert without you paying them. You can, however, upload your own cert for it.

      I’m trying to find a way to automate that process, since remembering to update a cert manually every 3 months is outside my ability.
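      One way to automate the "issue, then upload to Cloudflare" step the OP describes, written here as an added example rather than a tool from the thread or from certbot/Cloudflare: a certbot deploy hook that reads the renewed `fullchain.pem`/`privkey.pem`, builds the JSON body for Cloudflare's custom-certificate endpoint and creates the object on first run or replaces it on later renewals. Assumptions, labelled in the code as well: certbot exports `RENEWED_LINEAGE` to deploy hooks; the endpoint is `POST`/`PATCH` on `/zones/<zone_id>/custom_certificates` with fields `certificate`, `private_key` and `bundle_method` (check the current Cloudflare API reference before relying on the exact names); the API token and zone id arrive via the `CF_API_TOKEN` and `CF_ZONE_ID` environment variables, which are names chosen for this example.

```python
"""certbot deploy hook that pushes a renewed certificate to Cloudflare.

Added example for the thread, not a Cloudflare or certbot component.
Assumptions (verify against current docs):
  * certbot runs this as --deploy-hook with RENEWED_LINEAGE pointing at the
    lineage's live directory (fullchain.pem, privkey.pem);
  * Cloudflare accepts POST /zones/<zone>/custom_certificates to create and
    PATCH /zones/<zone>/custom_certificates/<id> to replace, with JSON fields
    "certificate", "private_key", "bundle_method";
  * CF_API_TOKEN and CF_ZONE_ID are set in the hook's environment
    (names chosen here; scope the token to that one zone only).
"""
import json
import os
import sys
import urllib.request
from pathlib import Path
from typing import Optional

API_BASE = "https://api.cloudflare.com/client/v4"   # assumed current v4 base URL
ID_FILE = "cloudflare_custom_cert_id"                # our own bookkeeping file in the lineage dir


def build_payload(cert_pem: str, key_pem: str) -> dict:
    """JSON body for the custom_certificates endpoint (field names assumed)."""
    if "BEGIN CERTIFICATE" not in cert_pem or "PRIVATE KEY" not in key_pem:
        raise ValueError("inputs do not look like a PEM certificate chain and key")
    return {
        "certificate": cert_pem,
        "private_key": key_pem,
        "bundle_method": "ubiquitous",
    }


def plan_request(zone_id: str, existing_id: Optional[str]) -> tuple:
    """Return (method, url): replace the stored object if we have its id, else create.

    Replacing keeps one certificate object per name instead of leaving a new
    one behind every 60-90 days, which is also easier to audit.
    """
    base = f"{API_BASE}/zones/{zone_id}/custom_certificates"
    if existing_id:
        return "PATCH", f"{base}/{existing_id}"
    return "POST", base


def read_saved_id(lineage_dir: str) -> Optional[str]:
    """Id of the Cloudflare object we created on a previous run, if any."""
    id_path = Path(lineage_dir) / ID_FILE
    return id_path.read_text().strip() if id_path.is_file() else None


def upload(lineage_dir: str, zone_id: str, token: str) -> str:
    """Read the renewed PEM files, send them to Cloudflare, return the object id."""
    lineage = Path(lineage_dir)
    payload = build_payload(
        (lineage / "fullchain.pem").read_text(),
        (lineage / "privkey.pem").read_text(),
    )
    method, url = plan_request(zone_id, read_saved_id(lineage_dir))
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode(),
        method=method,
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        body = json.load(resp)
    if not body.get("success"):
        raise RuntimeError(f"Cloudflare rejected the certificate: {body.get('errors')}")
    cert_id = body["result"]["id"]
    (lineage / ID_FILE).write_text(cert_id)   # remember it so the next renewal PATCHes
    return cert_id


if __name__ == "__main__":
    lineage_dir = os.environ.get("RENEWED_LINEAGE")
    token = os.environ.get("CF_API_TOKEN")
    zone_id = os.environ.get("CF_ZONE_ID")
    if not (lineage_dir and token and zone_id):
        sys.exit("need RENEWED_LINEAGE (from certbot), CF_API_TOKEN and CF_ZONE_ID")
    print("uploaded custom certificate", upload(lineage_dir, zone_id, token))
```

      Wired up with certbot's Cloudflare DNS plugin (real flags: `certbot certonly --dns-cloudflare --dns-cloudflare-credentials <ini file> -d svc1.svcgroup.dev.domain.org --deploy-hook <path to this script>`), the DNS-01 challenge handles issuance for the multi-level name and the hook runs only after a successful renewal, so the three-month manual step disappears. The private key never leaves the machine except over TLS to the API, and the id file lets you see at a glance which Cloudflare object a lineage owns.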

      • iggy@lemmy.world · 12 days ago

        I’m not familiar enough with cloudflare proxy stuff. I just have my DNS pointed at my router external IP (and luckily my ISP doesn’t reset my IP ever.) It sounds like CF has designed this intentionally as a profit center. Sorry couldn’t be more help

        • KairuByte@lemmy.dbzer0.com (OP) · 12 days ago

          I could expose my IP, I was previously and really don’t have a problem with it. My IP is fairly static. It’s just more convenient to use cloudflared internal to the network and proxy the addresses.

          If I can’t figure out an automated solution for this, that’s likely what I’ll do. I’m just hopeful there’s a tool out there to do this that I’m just not familiar with.

          Thanks for the response regardless, I appreciate you taking the time!