test: try again with certificate creation using letsencrypt in pulumi

Michele Cereda
2024-09-17 23:37:51 +02:00
parent baeee9ff0d
commit c7981eaa80
5 changed files with 300 additions and 138 deletions


@@ -2,11 +2,15 @@
1. [Challenges](#challenges)
1. [DNS-01 challenge](#dns-01-challenge)
1. [Limits](#limits)
1. [Duplicate certificates](#duplicate-certificates)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## Challenges
Refer [Challenge types].
### DNS-01 challenge
Requires one to prove one has control over the DNS for one's domain name.<br/>
@@ -31,6 +35,29 @@ One can have multiple TXT records in place for the same name.<br/>
However, make sure to clean up old TXT records: Let's Encrypt will start rejecting the request if the response size from
the DNS gets too big.
## Limits
### Duplicate certificates
Refer [Duplicate certificate limit].
One can request a certificate issuance for **the same _exact set_ of hostnames** up to 5 times per week.<br/>
Once that limit is exceeded, one should receive an error message like the following:
```plaintext
too many certificates (5) already issued for this exact set of domains in the
last 168 hours: example.com login.example.com: see https://letsencrypt.org/docs/duplicate-certificate-limit
```
In this error message example, the _exact set_ is `["example.com", "login.example.com"]`.
Revoking previously issued certificates will **not** reset the duplicate certificate limit.<br/>
Nor that limit can be overridden at the time of writing.
As a workaround, one can request one or more certificates for a **different** _exact set_ of hostnames.<br/>
E.G., requesting a certificate for `[example.com, test.example.com]` will succeed; similarly, requesting separate
certificates for the `[example.com]` and `[login.example.com]` sets will succeed.
## Further readings
- [Website]
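Review bot: in the new "Duplicate certificates" section the limit is given as "up to 5 times per week" while the quoted error says "in the last 168 hours"; say explicitly that the week is the 168-hour window the error refers to, so readers know when a retry can succeed. In the same section, "Nor that limit can be overridden at the time of writing." is ungrammatical; suggest "Nor can that limit be overridden at the time of writing." The set notation is also inconsistent: the error explanation writes `["example.com", "login.example.com"]` with quoted members, while the workaround paragraph writes `[example.com, test.example.com]`, `[example.com]` and `[login.example.com]` without quotes; use one form throughout.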
@@ -39,6 +66,7 @@ the DNS gets too big.
### Sources
- [Challenge types]
- [Duplicate certificate limit]
<!--
Reference
@@ -47,11 +75,12 @@ the DNS gets too big.
<!-- In-article sections -->
<!-- Knowledge base -->
[acme]: acme.placeholder
[acme]: acme.md
<!-- Files -->
<!-- Upstream -->
[challenge types]: https://letsencrypt.org/docs/challenge-types/
[duplicate certificate limit]: https://letsencrypt.org/docs/duplicate-certificate-limit/
[website]: https://letsencrypt.org/
<!-- Others -->
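Review bot: two `[acme]:` definitions appear under "Knowledge base" in this hunk (`acme.placeholder` and `acme.md`); assuming the first is the removed line, confirm that `acme.md` exists in the repository or is among the 5 files changed by this commit, otherwise the link is dangling. None of the lines visible in this diff uses the `[acme]` label, so also check that it is still referenced somewhere in the article, or drop the definition.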