Hmm thats kinda interesting. 
1 Like
right on. Dumb question, but we should only be seeing the forum subdomain requests going through cloudflare right?
Because I noticed that the A record for forum is pointed at cloudflare but the A record for the homepage and www subdomain are pointed directly at a linode ip. Just wanted to point that out in case it’s not expected behavior, also since the SAN seems to be working for forum but not for the homepage, at least for me with curl and firefox.
I personally use one but only because at the time Let’s Encrypt (LE) didn’t exist. Aparrently LE have wildcard support on the way, but I am not holding my breath. The downside to a wildcard is you must deploy the same key and cert to each server/service, increasing the exposure risk of your private key.
Not really, just add another name to the cert for www, all modern browsers support SNI and DNS alternative names. The acme.sh script is brilliant for managing LE certs.
1 Like
Yep most definitely a good point. As long as you keep a tight rein on your private key(s) then risk is still there, but fairly low.
that acme.sh script is rad. I’m stealing that thanks for the link.
1 Like