commit 36ca32c06095708bf9af04ae4e1eff0df8a092fc
parent d334a5c0dbafe50e42e0ad2539b3544be92016bd
Author: spacehobo <spacehobo@web>
Date: Tue, 12 May 2026 01:58:47 +0200
possible wildcard cert process, removing test indicators
Diffstat:
1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/eik.mdwn b/eik.mdwn
@@ -1,13 +1,5 @@
Notes regarding `eik`
-# HEY I JUST UPDATED THIS PAGE!
-
- * spacehobo
- * eik
- * ikiwiki
- * 🙃
-
-
ssh config
----------
@@ -101,6 +93,19 @@ Our `acme.sh` makes use of letsencrypt CA servers, as the default one from ZeroS
Removing a cert is a slightly trickier. We think [this](https://community.letsencrypt.org/t/domain-is-not-a-issued-domain-skip/132337/5) might work. You edit a file in the `~/.acme.sh` by hand 😬
+### Wildcard certs
+
+Of course, all of this was unwieldy and brittle, and it seems none of it works now that we have rauthy set up in our nginx configs for some hosts. So maybe it's time for a wildcard cert:
+
+ acme.sh --issue -d permacomputing.net -d *.permacomputing.net --dns -k ec-384
+
+This will print out a `TXT` record to add to DNS, and then we "renew" it:
+
+ acme.sh --renew --ecc -d permacomputing.net --force
+
+then we're suddenly all sites, and could even set up per-user sites with a single nginx config.
+
+
cerca
-----
