From 8e90029a84762308a9bfaa32871019a8acabd1de Mon Sep 17 00:00:00 2001
From: Nemo <me@captnemo.in>
Date: Wed, 28 Mar 2018 15:45:44 +0530
Subject: [PATCH] wildcard certs are here!!!

---
 cloudflare/main.tf       |  8 ++++++++
 docker/data.tf           |  2 +-
 docker/conf/traefik.toml | 18 +++++++++++++++---
 3 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/cloudflare/main.tf b/cloudflare/main.tf
index b722506..bc64788 100644
--- a/cloudflare/main.tf
+++ a/cloudflare/main.tf
@@ -37,6 +37,14 @@
   ttl    = 3600
 }
 
+resource "cloudflare_record" "acme-no-cname-1" {
+  domain = "${var.domain}"
+  name   = "_acme-challenge.${var.domain}"
+  type   = "A"
+  value  = "127.0.0.1"
+  ttl    = "300"
+}
+
 /**
  *   vpn.bb8.fun
  * *.vpn.bb8.fun
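Review bot: `ttl    = "300"` on the new `acme-no-cname-1` record is a quoted string while the record just above it uses a bare integer (`ttl    = 3600`); Terraform coerces it, but the mixed types are inconsistent, so `ttl    = 300` keeps the file uniform. The record itself — an A record for `_acme-challenge.${var.domain}` pointing at the loopback address — has no comment saying why it exists; the resource name hints that it keeps the challenge label from being shadowed by a wildcard CNAME during the DNS-01 challenge, but a maintainer cannot tell that from the code, so a comment such as `# Placeholder so _acme-challenge.<domain> resolves to its own record instead of an inherited wildcard CNAME during the ACME DNS-01 challenge — confirm this is still required` would record the intent. If the 300-second TTL is tied to the challenge timing configured in traefik.toml, note that here as well.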
diff --git a/docker/data.tf b/docker/data.tf
index f2ff731..802cf9b 100644
--- a/docker/data.tf
+++ a/docker/data.tf
@@ -17,7 +17,7 @@
 }
 
 data "docker_registry_image" "traefik" {
-  name = "traefik:cancoillotte-alpine"
+  name = "traefik:1.6"
 }
 
 data "docker_registry_image" "wikijs" {
diff --git a/docker/conf/traefik.toml b/docker/conf/traefik.toml
index a522780..3f8965d 100644
--- a/docker/conf/traefik.toml
+++ a/docker/conf/traefik.toml
@@ -85,13 +85,13 @@
 [acme.httpChallenge]
   entryPoint = "http"
 
-# Keep DNS challenge disabled
-# for now
-# [acme.dnsChallenge]
-#   provider = "cloudflare"
-#   delayBeforeCheck = 5
-# Get wildcard once possible
+[acme.dnsChallenge]
+  provider = "cloudflare"
+  delayBeforeCheck = 30
 
+# This is a legacy certificate
+# From when traefik did not support
+# wildcard certs
 [[acme.domains]]
 main = "bb8.fun"
 sans = [
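Review bot: `[acme.dnsChallenge]` is enabled while `[acme.httpChallenge]` two lines above remains configured, and Traefik 1.x only runs one challenge type; which one is used when both are present depends on the release, so either remove the httpChallenge block or add a comment stating that dnsChallenge is meant to take precedence — confirm against the 1.6 documentation. `delayBeforeCheck = 30` also lost the explanation the removed comment block carried; a note such as `# Delay before the TXT record is checked/validated (presumably seconds — confirm in the 1.6 docs)` would help. The cloudflare provider reads its credentials from the container environment (`CLOUDFLARE_EMAIL`/`CLOUDFLARE_API_KEY` as far as I recall), not from this file, and that credential can rewrite the entire zone; nothing in the diff shows how it is injected, so a one-line comment pointing at where it is configured would make the blast radius visible to the next reader.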
@@ -126,3 +126,9 @@
   "wifi.bb8.fun",
   "wiki.bb8.fun"
 ]
+# Primary 2 wildcard certs
+[[acme.domains]]
+  main = "*.bb8.fun"
+# Internal services are also protected!
+[[acme.domains]]
+  main = "*.in.bb8.fun"
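Review bot: The two new `[[acme.domains]]` entries indent `main` by two spaces, while the existing entry in the previous hunk writes `main = "bb8.fun"` flush left; TOML ignores the indentation, but the file should pick one style. `*.bb8.fun` does not cover the apex `bb8.fun`, so the certificate labelled "legacy" above is still the one serving the bare domain — if that is intended, say so in the comment (`# *.bb8.fun does not include the apex; bb8.fun stays on the legacy cert above`), otherwise the apex could be added as a `sans` entry on the wildcard (check the 1.6 docs for whether a wildcard main accepts non-wildcard sans). The DNS-01 record for the second wildcard is `_acme-challenge.in.bb8.fun`, whereas cloudflare/main.tf in this patch only adds a placeholder for `_acme-challenge.bb8.fun`; if that placeholder exists to keep a wildcard CNAME from shadowing the challenge label, the `in.` subtree likely needs the same treatment — confirm.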
--
rgit 0.1.5