Configure Multiple Domains Through ACME in clusters #2932

@dylansumser

Is there an existing issue for this?

  • There is no existing issue for this feature

What are you currently unable to do

I want to generate TLS certificates for more than one domain, or a wildcard certificate, via Incus' ACME service so that I can distinguish specific hosts from each other using DNS records. This would allow me to create DNS records to differentiate cluster members from each other.

What do you think would need to be added

Looking at lego's documentation, I believe it should be possible to support this by passing in multiple domains into the command:

GLOBAL OPTIONS:
   --domains value, -d value [ --domains value, -d value ]      Add a domain to the process. Can be specified multiple times.

For the ACME configuration, the acme.domain parameter could be changed to be an array of strings or a single comma-separated string of domains.

Another way of approaching this might be to have this parameter be defined per cluster member as opposed to for the entire cluster. So instead of all hosts having certificates for:
"host1.domain.com", "host2.domain.com", "shared.domain.com", host1 might only have certificates for "host1.domain.com" and "shared.domain.com" while host2 only has certificates for "host2.domain.com" and "shared.domain.com". However, I'm unsure if that would be as easily doable as it might conflict with other aspects of the cluster implementation.
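
An added sketch of the comma-separated option proposed above (not code from Incus or lego): it validates each name before anything is handed to the ACME client and emits one `--domains` flag per name. `ParseDomains` and `LegoDomainArgs` are hypothetical names, and the requirement of at least two labels is an assumption of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// label matches one RFC 1123 DNS label: letters, digits, inner hyphens, max 63.
var label = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`)

// ParseDomains splits a comma-separated acme.domain value (the issue's proposal,
// hypothetical), normalises and validates each name, and drops duplicates in order.
func ParseDomains(value string) ([]string, error) {
	seen := map[string]bool{}
	var out []string
	for _, raw := range strings.Split(value, ",") {
		d := strings.ToLower(strings.TrimSuffix(strings.TrimSpace(raw), "."))
		labels := strings.Split(d, ".")
		if len(d) > 253 || len(labels) < 2 { // assumption: require a dotted name
			return nil, fmt.Errorf("invalid domain %q", d)
		}
		for i, l := range labels {
			// A wildcard is accepted only as the entire leftmost label.
			if !(i == 0 && l == "*") && !label.MatchString(l) {
				return nil, fmt.Errorf("invalid label %q in %q", l, d)
			}
		}
		if !seen[d] {
			seen[d] = true
			out = append(out, d)
		}
	}
	return out, nil
}

// LegoDomainArgs emits one --domains flag per name, as lego's help text describes.
func LegoDomainArgs(domains []string) []string {
	args := make([]string, 0, 2*len(domains))
	for _, d := range domains {
		args = append(args, "--domains", d)
	}
	return args
}

func main() {
	d, err := ParseDomains("host1.domain.com, shared.domain.com") // constructed sample
	fmt.Println(LegoDomainArgs(d), err)
}
```

Rejecting empty entries, stray whitespace, and misplaced wildcards at configuration time keeps a malformed value from turning into an unexpected certificate request.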

Labels: Easy (Good for new contributors)
