Allow subject alt names for letsencrypt certs
Pixelated uses mail.DOMAIN as url. We would like to issue letsencrypt certs for this domain as well. Currently the pixelated user-agent shares the one cert with the webapp and therefore would need an additional subject alt name mail.DOMAIN in the cert.
I see these options:
- Make leap_cli support SANs for the one cert
- Use a second cert for mail.DOMAIN (introduces a second expiry date, more hassle for the admin)
- Serve pixelated under DOMAIN/mail i.e. using apache mod_proxy (I tried and it isn't straight forward unfortunately).
For what I saw the whole acme integration is based on the main domain, i.e. from lib/leap_cli/commands/ca.rb:
acme = Acme.new(domain: domain, key: account_key)
which would need some work to integrate SANs.
(from redmine: created on 2016-10-06, blocks #3924)