
If you use a wildcard cert, then only "*.domain.net" is recorded in the logs, not the actual hostnames you're using.


ah, my mistake then. i use a wildcard dns-record but separate letsencrypt-certs for every subdomain. so to truly be stealthy i'd have to use a wildcard dns-record AND a wildcard ssl-cert.

sounds like i got myself a project for this weekend, implement a wildcard cert for my rev-proxy at home :)

EDIT: i guess the logs would still show the old certs, so my subdomains would still be exposed. huh. at least future subdomains would be hidden.

EDIT2: are there more ways for subdomains to get exposed, other than through DNS or SSL-Certs?


can't edit my previous comment anymore.

i got a wildcard-cert, implemented it on my proxy, everything works!

unfortunately, to be stealthy, i almost have to switch to a different domain. then request a new public IP, and switch.
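An added example, not part of any comment above: a small offline audit of which hostnames in use are already named in Certificate Transparency history and which have only ever been covered by a wildcard certificate. The log entries, the `example.net` names and the function names are constructed for illustration, and the check covers the CT channel only.

```python
from datetime import date

# Constructed sample of CT log entries (not real data): one tuple per logged
# certificate as (not_before, not_after, SAN dNSNames).
CT_ENTRIES = [
    (date(2023, 1, 10), date(2023, 4, 10), ["nas.example.net"]),
    (date(2023, 2, 1), date(2023, 5, 2), ["vpn.example.net", "git.example.net"]),
    (date(2023, 6, 1), date(2023, 8, 30), ["*.example.net"]),
]

def disclosed_hostnames(entries, today):
    """Return {hostname: (first_logged, all_certs_expired)} for concrete names."""
    found = {}
    for not_before, not_after, names in entries:
        for raw in names:
            name = raw.lower().rstrip(".")
            if name.startswith("*."):
                continue  # a wildcard SAN does not name any specific host
            first, expired = found.get(name, (not_before, True))
            found[name] = (min(first, not_before), expired and not_after < today)
    return found

def audit(in_use, entries, today):
    """Split hostnames in use into those already in CT history and the rest."""
    seen = disclosed_hostnames(entries, today)
    hosts = [h.lower().rstrip(".") for h in in_use]
    exposed = {h: seen[h] for h in hosts if h in seen}
    not_in_ct = sorted(h for h in hosts if h not in seen)
    return exposed, not_in_ct

if __name__ == "__main__":
    exposed, not_in_ct = audit(
        ["nas.example.net", "git.example.net", "cam.example.net"],
        CT_ENTRIES,
        today=date(2023, 7, 1),
    )
    for host, (first, expired) in sorted(exposed.items()):
        # Expiry of the certificate does not remove the name from the logs.
        print(f"{host}: logged since {first}, cert expired: {expired}")
    print("never named in CT:", ", ".join(not_in_ct))
```
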



