On Sun, 20 Jun 2021 at 14:26, mick <mbm@rlogin.net> wrote:
[ Biggus Snippus of extremely useful info, thank you]
My point in going over this is that you /could/ do something similar if you do not really need to use wildcards in your certificates.
It is certainly the wildcard issue that is the key, and I am now wondering how important it is to me. The reason I have it is that I have a multi-site WordPress. Each site is notionally <sitename>.<myhostname>, although most also then have their own domains on top. Using wildcards is easier than having to add each new <sitename> to the configuration, but actually that happens fairly infrequently compared with the 3mo SSL cert renewal I have to do manually now due to the wildcard.

That said, as there is a mechanism for auto-renewal via DNS using a select list of hosts with APIs, and (it seems) a way to do that via CNAMEs rather than moving the DNS of the domain itself, I would prefer to get that working. But I can't for the life of me work out how it's supposed to hang together!

Thanks for the info though, I think I need to sit down and think about how I'm doing SSL in general.

--
Mark Rogers // More Solutions Ltd (Peterborough Office) // 0344 251 1450
Registered in England (0456 0902) 21 Drakes Mews, Milton Keynes, MK8 0ER
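
How the CNAME-based DNS validation mentioned in the message above fits together, as an added example that is not part of the original e-mail: the main zone gets one static CNAME per challenge name, and the API credential kept on the server can then write only inside the delegated zone. The domain names, the delegated zone and the target naming scheme are constructed assumptions; the challenge name and TXT value follow the ACME DNS-01 rules in RFC 8555, section 8.4.

```python
import base64
import hashlib

PREFIX = "_acme-challenge."

def challenge_name(identifier: str) -> str:
    """DNS name the CA queries for a DNS-01 challenge."""
    base = identifier.lower().rstrip(".")
    if base.startswith("*."):
        base = base[2:]  # a wildcard is validated at its base domain
    return PREFIX + base

def delegation_cnames(identifiers, delegated_zone):
    """Static CNAMEs to create once in the main zone.

    Each challenge name points into a zone hosted at an API-capable
    provider. The "<base>.<delegated_zone>" target layout is an assumption.
    """
    zone = delegated_zone.strip(".")
    records = {}
    for ident in identifiers:
        name = challenge_name(ident)
        records[name] = f"{name[len(PREFIX):]}.{zone}"
    return records

def txt_value(token: str, account_thumbprint: str) -> str:
    """TXT content: unpadded base64url of SHA-256(token "." thumbprint)."""
    key_authorization = f"{token}.{account_thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

# Constructed sample input: a wildcard, its base name and one extra domain.
SAMPLE_IDENTIFIERS = ["*.blog.example", "blog.example", "shop.example"]
DELEGATED_ZONE = "acme.dns-provider.example"  # hypothetical provider zone

def render_plan(identifiers=SAMPLE_IDENTIFIERS, zone=DELEGATED_ZONE):
    """Zone-file style lines for the one-off change in the main zone."""
    cnames = delegation_cnames(identifiers, zone)
    return [f"{n}. IN CNAME {t}." for n, t in sorted(cnames.items())]

if __name__ == "__main__":
    print("\n".join(render_plan()))
    # At each renewal the client publishes this value as a TXT record at the
    # CNAME target; the CA follows the CNAME from the challenge name.
    print(txt_value("constructed-token", "constructed-thumbprint"))
```

The wildcard and its base name share one challenge name, so a single CNAME covers both, and the client publishes two TXT values at the same target when both are on one certificate.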