Have HTTPS on all the subdomains of tails.boum.org
To be on Firefox’s HSTS preload list, one has to be on Chrome’s list. To
be on Chrome’s HSTS preload list, one has to use the includeSubdomains
option in the HSTS header. So, in order to have tails.b.o on these
lists, we need valid certificates for all our subdomains of tails.b.o,
otherwise various pieces of our infrastructure (e.g. Jenkins) will be
unreachable (major browsers don’t let you validate a self-signed
certificate by hand, if HSTS is enabled for this domain).
To do so, we can either:
a. Get a commercial wildcard certificate for *.tails.boum.org.
b. Get Let’s Encrypt certificates for each one of our subdomains.
Parent Task: #8191 (closed)
Related issues
- Related to #8143 (closed)
- Blocks #9102 (closed)
Original created by @intrigeri on 8192 (Redmine)
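The effect the ticket describes, as an added example that is not part of the original ticket or of Tails' own tooling: it parses a `Strict-Transport-Security` value following RFC 6797 and lists which hosts become unreachable once `includeSubDomains` is set. The function names, the `example.org` hostnames and the inventory are constructed for illustration.

```python
import re

def parse_hsts(header):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns {"max_age": int, "include_subdomains": bool}, or None when the
    value is invalid and a browser would ignore it.
    """
    seen = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()        # directive names are case-insensitive
        if name in seen:                   # each directive may appear only once
            return None
        seen[name] = value.strip().strip('"')   # max-age may be a quoted-string
    if not re.fullmatch(r"\d+", seen.get("max-age", "")):
        return None                        # max-age is the one required directive
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def hsts_applies(host, policy_host, policy):
    """True if a policy noted for policy_host forces HTTPS on host."""
    if policy is None or policy["max_age"] == 0:   # max-age=0 deletes the policy
        return False
    host, policy_host = host.lower().rstrip("."), policy_host.lower().rstrip(".")
    if host == policy_host:
        return True
    # includeSubDomains covers every name below policy_host, at any depth.
    return policy["include_subdomains"] and host.endswith("." + policy_host)

def hosts_that_break(policy_host, header, inventory):
    """Hosts under HSTS whose certificate browsers reject, with no click-through."""
    policy = parse_hsts(header)
    return sorted(h for h, cert_ok in inventory.items()
                  if hsts_applies(h, policy_host, policy) and not cert_ok)

# Constructed inventory: hostname -> serves a certificate that browsers accept.
INVENTORY = {
    "example.org": True,
    "www.example.org": True,
    "jenkins.example.org": False,     # self-signed
    "git.lab.example.org": False,     # nested subdomain, also self-signed
    "notexample.org": False,          # different domain, never covered
}

if __name__ == "__main__":
    for hdr in ("max-age=31536000", "max-age=31536000; includeSubDomains"):
        print(hdr, "->", hosts_that_break("example.org", hdr, INVENTORY))
```

Running the same check against a real host inventory before adding `includeSubDomains` shows which subdomains need a valid certificate first.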