Please provide more information about autocert and type of SSL certs created #31

Closed
opened 2025-12-29 09:21:45 +01:00 by adam · 6 comments
Owner

Originally created by @FoxxMD on GitHub (Jan 31, 2025).

The readme, certs wiki page, and dns providers wiki page do not specify some basic information about what autocert entails. Please clarify these points:

  • Is autocert an ACME client implementation?
  • Are the SSL certs being generated for internal or external use?
    • I.e., if I use the Cloudflare DNS provider, am I generating a CF origin cert or a true SSL cert for public use?
  • If generating a true SSL cert, is the provider LetsEncrypt? If not, then what? Are there other providers available to use?
  • Does autocert automatically renew certs when they are close to expiration? Does it renew every time the container is started? Do I have to manually renew?
  • If I specify multiple domains for autocert does it generate one cert for multiple domains or one cert per domain?
adam closed this issue 2025-12-29 09:21:45 +01:00
Author
Owner

@yusing commented on GitHub (Jan 31, 2025):

Sorry for the confusion, let me clarify it:

> Is autocert an ACME client implementation?

autocert uses https://github.com/go-acme/lego, just like Traefik and similar Go-written reverse proxies. It grabs a cert using ACME and Let's Encrypt by DNS-01 challenge.

> Are the SSL certs being generated for internal or external use

SSL certs obtained are for external use.

> is the provider LetsEncrypt

Yes, as stated in point 1.

> If I specify multiple domains for autocert does it generate one cert for multiple domains or one cert per domain?

All domains in one cert. (Stated here: https://github.com/yusing/go-proxy/wiki/Certificates-and-domain-matching#certificates)

Author
Owner

@FoxxMD commented on GitHub (Jan 31, 2025):

Thank you for the clarification! Might be worth adding that to the wiki ;)

Author
Owner

@yusing commented on GitHub (Jan 31, 2025):

Thanks for pointing it out, I've added it to Wiki.

Author
Owner

@FoxxMD commented on GitHub (Jan 31, 2025):

Sorry I may have closed the issue too fast. Can you provide any details on this?

> Does autocert automatically renew certs when they are close to expiration? Does it renew every time the container is started? Do I have to manually renew?

Author
Owner

@yusing commented on GitHub (Jan 31, 2025):

autocert automatically renews certs 1 month before expiration, with a 1 hour cooldown for every failed request.

It only renews when these conditions are met:

  • autocert.domains does not match current certs
  • certs are about to expire in a month

So

> Does it renew every time the container is started

No, it renews only when it has to.

> Do I have to manually renew?

No, you don't have to.

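The renewal rules described in the comment above, sketched as an added example (not part of the thread and not the project's own code) that an operator could adapt to audit a deployed certificate. The names `needsRenewal` and `sampleCert` are hypothetical; "1 month" is taken as 30 days, and the cooldown is read as "no new request within 1 hour of a failed one".

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"sort"
	"strings"
	"time"
)

// Figures from the thread; 30 days for "1 month" is an assumption.
const renewBefore, failCooldown = 30 * 24 * time.Hour, time.Hour

// needsRenewal reports whether a certificate should be re-requested, and why.
// A zero lastFail means no failed request has been recorded.
func needsRenewal(cert *x509.Certificate, domains []string, lastFail, now time.Time) (bool, string) {
	if !lastFail.IsZero() && now.Sub(lastFail) < failCooldown {
		return false, "cooldown after failed request"
	}
	// Compare the configured domains with the certificate SANs, ignoring order.
	have := append([]string(nil), cert.DNSNames...)
	want := append([]string(nil), domains...)
	sort.Strings(have)
	sort.Strings(want)
	if strings.Join(have, ",") != strings.Join(want, ",") {
		return true, "configured domains do not match certificate SANs"
	}
	if cert.NotAfter.Sub(now) <= renewBefore {
		return true, "certificate expires within a month"
	}
	return false, "certificate still valid"
}

// sampleCert builds a constructed, self-signed certificate for the demo
// (errors are ignored because the inputs are fixed and known-good).
func sampleCert(names []string, notAfter time.Time) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: names,
		NotBefore: notAfter.Add(-90 * 24 * time.Hour), NotAfter: notAfter}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

func main() {
	c := sampleCert([]string{"example.com"}, time.Now().Add(20*24*time.Hour))
	fmt.Println(needsRenewal(c, []string{"example.com"}, time.Time{}, time.Now()))
}
```

Because all configured domains share one certificate, adding or removing a single entry changes the SAN set and triggers a re-request for the whole certificate.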
Author
Owner

@FoxxMD commented on GitHub (Jan 31, 2025):

Thank you!

Reference: starred/godoxy#31