by etaioinshrdlu
2657 days ago
Yo thanks for taking the time to write this. Obviously hard to complain too much about a free product - I'm sharing my personal experience for others. So the thing I like about AWS is that they can give you a cert before pointing the DNS A record at your site. Really fool-proof and excellent. Much better than the Let's Encrypt flow by design. In fact on some of my sites I now run Caddy on AWS behind a load balancer with the AWS load balancer providing HTTPS. Works much better and I can sleep at night with less fear.
I believe AWS can do this because they have proof that you own the domain (effectively DNS validation) before handing out certs. Caddy can do something similar with DNS validation - fetching your cert without needing to be publicly accessible. It needs you to hook into the API of one of the supported DNS providers though, because validation is still done on a per-request basis (but it has been able to do wildcards for a while). I understand that AWS is more "validate once, sign certificates many times", which is quite convenient - and it all hooks into their systems fairly automatically.
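To make the "per-request" point above concrete, here is the ACME dns-01 round trip (RFC 8555 section 8.4 and RFC 7638) as an added worked example; it is not code from this thread, from Caddy or from AWS. A mock CA object stands in for the ACME server, an in-memory dict stands in for the DNS provider's API that Caddy would call, and the EC JWK values are constructed placeholders, not a real key. It shows why the DNS hook is needed on every order: the token, and therefore the TXT value, changes each time, so a record left over from the previous issuance does not validate the next one.

```python
"""ACME dns-01 challenge round trip against a mock CA and a mock DNS zone."""
import base64
import hashlib
import hmac
import json
import secrets


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME uses for tokens and digests."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members, sorted, no whitespace."""
    required = {
        "RSA": ("e", "kty", "n"),
        "EC": ("crv", "kty", "x", "y"),
        "OKP": ("crv", "kty", "x"),
    }
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """TXT record content = base64url(SHA-256(token '.' account key thumbprint))."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def challenge_name(domain: str) -> str:
    """Wildcards are validated on the base name: *.example.com -> _acme-challenge.example.com."""
    base = domain[2:] if domain.startswith("*.") else domain
    return f"_acme-challenge.{base}"


class MockCA:
    """Stand-in for the ACME server: hands out a fresh token per authorization, then checks DNS."""

    def __init__(self):
        self.tokens = {}  # (domain, account thumbprint) -> current token

    def new_challenge(self, domain: str, thumbprint: str) -> str:
        token = b64url(secrets.token_bytes(32))  # new random token every order
        self.tokens[(domain, thumbprint)] = token
        return token

    def validate(self, domain: str, thumbprint: str, zone: dict) -> bool:
        token = self.tokens.get((domain, thumbprint))
        if token is None:
            return False
        expected = dns01_txt_value(token, thumbprint).encode("ascii")
        # RFC 8555 allows several TXT records at the name; any one may match.
        records = zone.get(challenge_name(domain), [])
        return any(hmac.compare_digest(rr.encode("utf-8"), expected) for rr in records)


def solve_dns01(ca: MockCA, domain: str, jwk: dict, zone: dict) -> bool:
    """Client side, what Caddy's DNS provider hook does: publish the TXT record, then ask for validation."""
    thumbprint = jwk_thumbprint(jwk)
    token = ca.new_challenge(domain, thumbprint)
    zone.setdefault(challenge_name(domain), []).append(dns01_txt_value(token, thumbprint))
    return ca.validate(domain, thumbprint, zone)


if __name__ == "__main__":
    # Constructed placeholder JWK; only its thumbprint matters for the challenge math.
    account_jwk = {"kty": "EC", "crv": "P-256", "x": "placeholder-x", "y": "placeholder-y"}
    ca, zone = MockCA(), {}
    print("first order validates:", solve_dns01(ca, "*.example.com", account_jwk, zone))
    # Second order: new token, old TXT record still in the zone -> stale, must republish.
    ca.new_challenge("*.example.com", jwk_thumbprint(account_jwk))
    print("stale record validates:", ca.validate("*.example.com", jwk_thumbprint(account_jwk), zone))
```

The CA never needs to reach your origin, which is why this works for hosts that are not publicly accessible and for wildcards, but each order requires writing a new record through the provider's API; that is the automation Caddy has to have credentials for, and the step AWS folds into its own DNS validation.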