I’m using brilliant SWAG container for reverse proxy with letsencrypt. Until now everything worked perfectly.
However now I have one concern regarding security. Whenever I create a multiple subdomains (e.g.
sub3.example.com) I can see all of them in certificate info under the SAN. But there are also some subdomains that I’d like to hide, or about which only I should know. So if anybody looks on certificate details he shouldn’t see them. I don’t think this is possible to do with SWAG, or if it is can somebody please tell me how to do so?
So for problem above, there could be a solution to generate wildcard certificate, however currently certbot supports only small number of dnsplugins. For example I’d like to generate wildcard cert for gransy.com provider. For sure there is some option how to write the plugin, but for me it would be difficult. There is one tool dehydrated which supports multiple dns providers and new are being added. So it would be nice if we can have option to switch between certbot or dehydrated, or we can have container similar to SWAG which will utilise dehydrated.
What do you think?