SSL wildcard and reverse proxy

diedrichg

Wizard
Joined
Dec 4, 2012
Messages
1,319
I find networking extremely confusing and have what I know is a dumb question, but here it is.

An SSL (TLS) wildcard certificate subscription is quite expensive!
(1) From what I understand, Let's Encrypt doesn't support subdomain SSL?
(2) Can a reverse proxy take the place of the wildcard SSL to utilize a cheap (or free) single domain SSL? Meaning - I would be able to get certificate encryption on the subdomain by utilizing a single domain SSL certificate and the reverse proxy forwarding to the subdomain? e.g. https://truenas.mydomain.xyz

I'm sure I'm getting my wires crossed. Maybe somebody can help?
 

Heracles

Wizard
Joined
Feb 2, 2018
Messages
1,401
"An SSL (TLS) wildcard certificate subscription is quite expensive!"
Well mine is completely free...

"(1) From what I understand, Let's Encrypt doesn't support subdomain SSL?"

Yes they do. But they require DNS challenges for them.

"(2) Can a reverse proxy take the place of the wildcard SSL to utilize a cheap (or free) single domain SSL?"

No because they need to serve a valid certificate for the name requested by the client. But it can use a free wildcard to do so.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
"(1) From what I understand, Let's Encrypt doesn't support subdomain SSL?"
What do you mean by "subdomain SSL"? Let's Encrypt will happily issue a cert for any hostname you own--root domain, subdomain, sub-subdomain, etc. As long as you can validate the FQDN--either through the DNS challenge, or via an HTTP connection to the hostname in question--Let's Encrypt will issue you the cert. If you mean a wildcard--you want a cert for *.example.com to match any subdomain under example.com--Let's Encrypt will issue that too, for free (all their certs are free), but you must validate via DNS.

You can have up to 100 names on a single Let's Encrypt cert, which can be any combination of root domains, subdomains, sub-subdomains (and further levels as desired), and/or wildcards. You can issue pretty much all the certs you want, within their rate limits.
 
Joined
Jan 4, 2014
Messages
1,644
"An SSL (TLS) wildcard certificate subscription is quite expensive!"
"(1) From what I understand, Let's Encrypt doesn't support subdomain SSL?"

Does Let’s Encrypt issue wildcard certificates?

"Can a reverse proxy take the place of the wildcard SSL"

An RP will use a wildcard cert. To give this some context, here's an example using Caddy:
Code:
*.example.com {
    map {labels.2} {ip} {
        sub1 192.168.1.10:80    #sub1.example.com
        sub2 192.168.1.20:8181  #sub2.example.com
    }
    reverse_proxy {ip}
}
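
Added example, not part of any post in this thread: a short Python check of the point made in the replies above, that the proxy must present a certificate whose names cover the hostname the client asked for, and that a wildcard covers exactly one label. The certificate name sets and the host `nas.lab.mydomain.xyz` are constructed for illustration; partial wildcards such as `f*.example.com` are deliberately treated as non-matching.

```python
# Added example (not from the thread): which hostnames does a certificate cover?
# Rule applied: "*" is honoured only as the entire left-most label and stands
# for exactly one label, so it matches neither the bare domain nor deeper names.

def name_matches(hostname: str, san: str) -> bool:
    """Return True if one certificate name (SAN dNSName) covers hostname."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        # A wildcard never spans several labels and never matches zero labels.
        return False
    if pattern[0] == "*":
        # Non-empty left-most label, exact match on everything to its right.
        return bool(host[0]) and host[1:] == pattern[1:]
    return host == pattern


def covered(hostname: str, sans: list[str]) -> bool:
    """True if any name on the certificate covers hostname."""
    return any(name_matches(hostname, san) for san in sans)


def uncovered(hostnames: list[str], sans: list[str]) -> list[str]:
    """Hostnames for which the proxy could not present a valid certificate."""
    return [h for h in hostnames if not covered(h, sans)]


# Constructed certificate name sets (one list = the names on one certificate).
SINGLE = ["mydomain.xyz"]
WILDCARD = ["*.mydomain.xyz"]
WILDCARD_PLUS_ROOT = ["mydomain.xyz", "*.mydomain.xyz"]

# Hostnames clients might request from the proxy; the last one is constructed.
PROXIED = ["mydomain.xyz", "truenas.mydomain.xyz", "nas.lab.mydomain.xyz"]

if __name__ == "__main__":
    for label, sans in [("single", SINGLE),
                        ("wildcard", WILDCARD),
                        ("wildcard + root", WILDCARD_PLUS_ROOT)]:
        print(f"{label:16} not covered: {uncovered(PROXIED, sans)}")
```

The single-name certificate leaves `truenas.mydomain.xyz` uncovered, which is why the proxy cannot substitute for the wildcard; the wildcard alone in turn leaves the bare domain uncovered, so both names are usually requested on one certificate.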
 

diedrichg

Wizard
Joined
Dec 4, 2012
Messages
1,319
Thank you all for the replies, this helps to clear some stuff up.
 