But your endpoints are already available to everyone with just an nslookup.
Maybe it’s more the permanent history of that, so if you run something like “radarr.example.com” then you wouldn’t have plausible deniability if you’re sued and the CT logs are presented as proof of your wrongdoing.
Not if you run a wildcard CNAME for your subdomains, right?
Like I have *.mydomain.com point to my server, and there I have a different reverse proxy depending on the domain.
With Encrypted Client Hello you can have some more privacy on obtaining certificates for wildcard domains, IIRC.
Not if you use wildcard DNS records.