wildcard certs are here!!!

cloudflare/main.tf

@@ -37,6 +37,14 @@ resource "cloudflare_record" "internet-wildcard" {
   ttl    = 3600
 }
 
+resource "cloudflare_record" "acme-no-cname-1" {
+  domain = "${var.domain}"
+  name   = "_acme-challenge.${var.domain}"
+  type   = "A"
+  value  = "127.0.0.1"
+  ttl    = "300"
+}
+
 /**
  *   vpn.bb8.fun
  * *.vpn.bb8.fun

docker/conf/traefik.toml

@@ -85,13 +85,13 @@ acmelogging = true
 [acme.httpChallenge]
   entryPoint = "http"
 
-# Keep DNS challenge disabled
-# for now
-# [acme.dnsChallenge]
-#   provider = "cloudflare"
-#   delayBeforeCheck = 5
-# Get wildcard once possible
+[acme.dnsChallenge]
+  provider = "cloudflare"
+  delayBeforeCheck = 30
 
+# This is a legacy certificate
+# From when traefik did not support
+# wildcard certs
 [[acme.domains]]
 main = "bb8.fun"
 sans = [
@@ -126,3 +126,9 @@ sans = [
   "wifi.bb8.fun",
   "wiki.bb8.fun"
 ]
+# Primary 2 wildcard certs
+[[acme.domains]]
+  main = "*.bb8.fun"
+# Internal services are also protected!
+[[acme.domains]]
+  main = "*.in.bb8.fun"

docker/data.tf

@@ -17,7 +17,7 @@ data "docker_registry_image" "transmission" {
 }
 
 data "docker_registry_image" "traefik" {
-  name = "traefik:cancoillotte-alpine"
+  name = "traefik:1.6"
 }
 
 data "docker_registry_image" "wikijs" {