Skip to content

Migrate to wildcard Let's Encrypt certificates#377

Open
Copilot wants to merge 6 commits intomasterfrom
copilot/migrate-to-wildcard-certificates
Open

Migrate to wildcard Let's Encrypt certificates#377
Copilot wants to merge 6 commits intomasterfrom
copilot/migrate-to-wildcard-certificates

Conversation

Copy link
Contributor

Copilot AI commented Feb 24, 2026
edited
Loading

Reduces Let's Encrypt API load from 50+ individual certificate requests to 2 wildcard certificates for *.viewpoint.house and *.glasgownet.com.

Changes

Traefik configuration (2 files)

  • Added wildcard certificate routers with DNS challenge configuration
  • Routers target api@internal service and define tls.domains with SANs

Service configuration (47 files)

  • Removed tls.certresolver=letsencrypt from all service routers (57 instances)
  • Removed explicit tls.domains[0].main declarations (42 instances)
  • Retained tls=true for certificate selection

Configuration Pattern

Before:

# Each service requested its own certificate
- traefik.http.routers.sonarr.tls.certresolver=letsencrypt
- traefik.http.routers.sonarr.tls.domains[0].main=tv.viewpoint.house

After:

# Traefik service requests wildcard certificates once
- traefik.http.routers.wildcard-viewpoint.rule=Host(`viewpoint.house`)
- traefik.http.routers.wildcard-viewpoint.tls.certresolver=letsencrypt
- traefik.http.routers.wildcard-viewpoint.tls.domains[0].main=viewpoint.house
- traefik.http.routers.wildcard-viewpoint.tls.domains[0].sans=*.viewpoint.house

# Services use wildcard certificate automatically
- traefik.http.routers.sonarr.tls=true

Services automatically match wildcard certificates via Traefik's TLS store without explicit resolver configuration.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI and others added 2 commits February 24, 2026 19:44
@kylegordon
Configure Traefik to use wildcard Let's Encrypt certificates
c490302 
Co-authored-by: kylegordon <231528+kylegordon@users.noreply.github.com>
@kylegordon
Fix domain array indices for wildcard certificates and add documentation
8a98698 
Co-authored-by: kylegordon <231528+kylegordon@users.noreply.github.com>
Copilot AI changed the title [WIP] Migrate Letsencrypt certificates to wildcard configuration Migrate to wildcard Let's Encrypt certificates Feb 24, 2026
Copilot AI requested a review from kylegordon February 24, 2026 19:46
Copilot AI and others added 2 commits February 24, 2026 20:04
@kylegordon
Remove individual certificate resolvers from all services to use wild…
e7a8072 
…card certificates

Co-authored-by: kylegordon <231528+kylegordon@users.noreply.github.com>
@kylegordon
Add missing tls=true to services that were missing it
42c4ef9 
Co-authored-by: kylegordon <231528+kylegordon@users.noreply.github.com>
@kylegordon kylegordon marked this pull request as ready for review February 26, 2026 21:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kylegordon kylegordon Awaiting requested review from kylegordon

Assignees

@kylegordon kylegordon

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kylegordon