I have 1 Synology hosting several apps and each app has its own subdomain. The Synology is not reachable from the internet unless for certificate renewal. Currently, I use one LE certificate for each subdomain. It goes without saying that cert renewal is a bit tedious but not a dealbreaker for me.
From a security and networking point of view, is this setup advisable or am I putting more effort into it than necessary? Or is it okay to have one certificate covering all of my subdomains?
If it were me I would have a wildcard cert and use a reverse proxy to reach all the services. I think the way you are doing it now is more work than it needs to be.
1 Like
Yes, using something such as https://nginxproxymanager.com/ along a DNS API is much easier. Here is a guide to getting it setup on Synology How to Install Nginx Proxy Manager on Your Synology NAS – Marius Hosting
And I have a video on how to setup Nginx Proxy Manager
1 Like