How to serve many subdomains?


(Cristian Consonni) #1

I am writing a project, called wikimirror, to use Docker containers and the Caddy server to set up proxies of Wikipedia. Each language version of Wikipedia has its own subdomain (en for English, es for Spanish, de for German, etc.) and so I created a Caddyfile with several subdomains. I have in total 1 domain and 118 subdomains that serve 59 different languages for which I have:

  • language_code.wikipedia.org
  • language_code.m.wikipedia.org

Here’s the complete Caddyfile in a paste

However when I launch caddy (with sudo ~/caddy/caddy) I get the following error:

Activating privacy features...2017/06/08 10:27:36 [az.m.vikiansiklopedi.org] failed to get certificate: acme: Error 429 - urn:acme:error:rateLimited - Error creating new cert :: too many certificates already issued for: vikiansiklopedi.org

At first I thought that I was hitting Let’s Encrypt rate limits, since I was using the main endpoint also for testing, but I have tried waiting for more than a week (that should be the time window needed for resetting the limits) and I still get that error.

If I launch Caddy with the Let’s Encrypt staging endpoint I am able to run Caddy and I get:
$ sudo ~/caddy/caddy --ca https://acme-staging.api.letsencrypt.org/directory
Activating privacy features… done.

How should I change my configuration to make it work?

Thanks in advance for your help.

Cristian


(Matthew Fay) #2

If it works with the staging endpoint, but not with the live one, their servers still think you’re rate limited. I’d give it another 24hr, if you’re absolutely sure it’s been over a week since you’ve requested certificates for that domain.

You could also try it with a different domain to ensure your Caddy configuration is correct.

Unfortunately, though, no Caddy configuration will get around a rate limit error from LetsEncrypt.


(Cristian Consonni) #3

I am sure I have waited more than a week.

Isn’t it possible to have a “wildcard certificate” for a domain, that includes all subdomains? Or is there a way to collect the certificates just once and reuse those?


(Matt Holt) #4

Let’s Encrypt doesn’t issue wildcard certificates, but you can certainly use your own wildcard certificate that you’ve obtained from another CA with Caddy; it’ll just be manual (“old fashioned” or “traditional”) HTTPS.


(Cristian Consonni) #5

Thanks for your replies and thanks Matt for the inspiration for the project :wink:!

I’ll try to check the documentation of Let’s Encrypt to understand how many certificates it can issue so that the project is viable. The idea is that it would be very quick to set up and so obtaining a wildcard certificate from a provider would defeat its purpose.


(Cristian Consonni) #6

Also, this thread may be relevant: “Combining multiple domains”.

If I figure out how to put 100 domains in the same certificate then the problem would be solved.


(Matthew Fay) #7

I think you’ll definitely need to make use of another utility to do this, or perhaps fork Caddy and extend it to enable this behaviour. As @matt mentions in the topic you linked, Caddy doesn’t manage SAN certificates automatically, only single certificates per domain.
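
A planning sketch for the situation in this thread, added here as an example and not code from any poster or from Caddy: it reads the site addresses from a Caddyfile, groups them by registered domain (the unit named in the rate-limit error), and compares one certificate per hostname with SAN certificates. The two limit values, the last-two-labels rule for the registered domain, and the sample Caddyfile with placeholder language codes are assumptions.

```python
import math
from collections import defaultdict

# Assumed limits, not taken from the thread: verify against Let's Encrypt's
# current rate-limit documentation before relying on them.
CERTS_PER_DOMAIN_PER_WEEK = 20
MAX_NAMES_PER_CERT = 100

def site_hosts(caddyfile_text):
    """Collect hostnames from top-level site-address lines of a Caddyfile."""
    hosts, depth = [], 0
    for raw in caddyfile_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if depth == 0 and line.endswith("{"):
            for addr in line[:-1].replace(",", " ").split():
                # Drop scheme, path and port; keep the hostname only.
                host = addr.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
                hosts.append(host.lower())
        depth += line.count("{") - line.count("}")
    return hosts

def registered_domain(host):
    # Simplification: last two labels. Use the Public Suffix List in real code.
    return ".".join(host.split(".")[-2:])

def issuance_plan(hosts, weekly_limit=CERTS_PER_DOMAIN_PER_WEEK,
                  max_names=MAX_NAMES_PER_CERT):
    """Per registered domain: certificates needed with one certificate per
    hostname versus SAN certificates that each carry up to max_names."""
    groups = defaultdict(set)
    for host in hosts:
        groups[registered_domain(host)].add(host)
    return {
        domain: {
            "names": len(names),
            "per_host_within_limit": len(names) <= weekly_limit,
            "san_certs": math.ceil(len(names) / max_names),
        }
        for domain, names in sorted(groups.items())
    }

def sample_caddyfile(languages=59, domain="vikiansiklopedi.org"):
    # Constructed input: placeholder language codes l00..l58 plus the apex.
    blocks = [f"{domain} {{\n    proxy / https://www.wikipedia.org\n}}"]
    for i in range(languages):
        code = f"l{i:02d}"
        blocks.append(f"{code}.{domain}, {code}.m.{domain} {{\n"
                      f"    proxy / https://{code}.wikipedia.org\n}}")
    return "\n\n".join(blocks)

if __name__ == "__main__":
    print(issuance_plan(site_hosts(sample_caddyfile())))
```

With the constructed 119 names, one certificate per hostname exceeds the assumed weekly limit, and even SAN grouping needs two certificates because of the assumed per-certificate name cap.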

