Is it possible to configure Traefik to issue a certificate for the entire sub-domain instead of individual hostnames? If so, how?
*.review-apps.ourdomain.com
As a work-around, potentially I could issue a cert like this manually & configure Traefik to use it. I would have to remember to re-issue the cert manually 3 months later.
For context, due to amount of new ingresses we create, we're starting to observe errors related to rate limiting coming from LetsEncrypt.
For more context, as part of our CI/CD pipeline, we deploy "review applications" on every Pull Request created in GitHub. Part of creating a review application is creating a deployment
, service
and ingress
objects in k8s. An ingress created contains a hostname pointing to specific application:
pr-1234.review-apps.ourdomain.com
pr-2345.review-apps.ourdomain.com
pr-3456.review-apps.ourdomain.com
# etc.
Ideally, we want to tell Traefik this:
- when in need to issue a cert for
pr-1234.review-apps.ourdomain.com
, - check if there's a cert for
*.review-apps.ourdomain.com
, - if there's one - just use it,
- if there's no such cert - issue a cert for
*.review-apps.ourdomain.com
, - when cert for
*.review-apps.ourdomain.com
is about to expire - please, re-new it automatically.