Cloudron 3.2 released
We are happy to announce the release of Cloudron 3.2!
For those unaware, Cloudron is a platform that makes it easy to run web apps on your server and keep them up-to-date and secure. Think SaaS for self-hosted apps.
Cloudron 3.2 adds support for Let's Encrypt wildcard certificates.
Wildcard certificates
Cloudron has supported automatic installation and renewal of Let's Encrypt certificates since it's early days. With this release, we have added support for Let's Encrypt wildcard certificates.
To use wildcard certificates, simply edit the domain configuration and choose Let's Encrypt Prod - Wildcard
from the Certificate provider dropdown:
All new app installations on the domain will automatically start using a wildcard certificate. In addition, existing apps will also automatically switch to using this wildcard certificate when their existing certificate expires.
Wildcard certificates also work when using subdomains in the location field. For example, if we were to install an app into the test.dev
subdomain of the cloudron.cf
domain:
Cloudron will automatically get the certs for *.dev.cloudron.cf
.
Using wildcard certificates brings an important security benefit. All the subdomains under which apps are installed is now not listable by others. Previously, when using non-wildcard certs, every certificate issued can be viewed in the Certificate transparency logs. But when using wildcard certificates only the top level domain will be listed in the logs.
ACME v2 API support
For issuance and renewal of certificates, Cloudron now defaults to verifying domain ownership via ACME DNS automation (dns-01
) instead of HTTP (http-01
). This means that one can now block the server's incoming port 80 and Cloudron can still issue and renew certificates.
Please note that this benefit only applies to domains that use one of the programmable DNS backends - Cloudflare, DigitalOcean, Gandi, GCDNS, GoDaddy, Name.com and Route53. Cloudrons that have a domain which uses the wildcard DNS backend still have to keep port 80 open.
SFO2 region for DigitalOcean Spaces
DigitalOcean recently announced availability of it's SFO2 region for object storage. We have now added this as an option in the backup configuration:
Other notable changes
- Allow mailbox name to be reset to the buit-in
.app
name - Fix permission issue when restoring a Cloudron
- Allow alternate domains to be set in app installation REST API
- Show the title in port bindings instead of the long description
Install or update Cloudron
New to Cloudron? Get started for free by running with 3 simple commands on your server.
To update an existing installation, simply click on the 'Update now' button on your dashboard.