Domain Management and ACME Provider TLS Setting should be more integrated
DNS zone records could be easier to monitor, especially for updates when TLS certificates are rotated
Domain Management vs. TLS Settings
In /manage/directory/domains, the "Domains" type appears in red, which provides a bit of confusion, since red is usually associated with something going wrong -- or are all my domains wrongly configured?
Since some DNS records should be kept up-to-date (e.g., TLSA records), the Type column could be used to give a visual hint for the status of the domain -- probably not exclusively, since it would generate an accessibility issue for people with color blindness, and eventually for screen readers if color is the only criterion... Anyway, it would be useful to have some perceptive cue about the current state of domain records.
Here's an example:
You add a new domain in Management > Directory > Domains > create domain
You create a TLS ACME Provider in Settings > TLS > ACME Provider > create ACME Provider
Already you have a single operation ("Make Stalwart-mail manage domain X") split into two operations that are found in different places (a wizard would be nice!).
You go back to Domain directory management to get the DNS records -- which do not yet have the TLSA records, since you did not yet update your DNS records, or if you did, the ACME provider did not yet complete...
Once the DNS records are updated, the ACME provider can complete, which updates the DNS records with TLSA entries (and modifies the timestamp for MTA-TLS record)
After waiting another few minutes, you can update the MTA-TLS and TLSA records, and then your domain is active and working.
Easier domain state overview
All this process is a bit tedious and you have no direct feedback on where it stands.
Moreover, in the ready-to-paste DNS records, the updated resource records are not directly visible nor are they continuous: it would be better if they would be grouped (by "age"), so you can directly identify which records need changing and copy-paste them in your zone file -- or use some API to automate the DNS update step.
Nested subdomain management
There are other situations (e.g., you're using email.example domain and sub.email.example as another MX domain) where multiple domains and subdomains can share a single ACME Provider -- on the condition that both top and sub domains are already registered with Stalwart-mail, otherwise the ACME Provider will (almost) silently fail. Another (part of the) discussion relates to sub-domain management with Stalwart-mail, we can either have it here or split it to a new thread.
Summary
In general, the user interface to validate the state of a managed domain's resource records over time could be enhanced a lot, and this discussion is focusing on this topic. What should be taken into account? How can it best be achieved?
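The grouping asked for under "Easier domain state overview" can be sketched as a comparison between the ready-to-paste records and what the zone currently publishes. This is an added example, not part of the original post and not Stalwart's code; the owner names, the `3 1 1` TLSA parameters, the digests, the policy ids and the one-line `name IN TYPE rdata` layout are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed placeholders, not real certificate digests.
OLD_DIGEST = "cd" * 32   # digest published before the certificate rotated
NEW_DIGEST = "ab" * 32   # digest the server expects after rotation

# Records the mail server says should exist (the "ready-to-paste" list).
EXPECTED = f"""
email.example.                   IN MX   10 mail.email.example.
_25._tcp.mail.email.example.     IN TLSA 3 1 1 {NEW_DIGEST}
_mta-sts.email.example.          IN TXT  "v=STSv1; id=20240102"
_25._tcp.mail.sub.email.example. IN TLSA 3 1 1 {NEW_DIGEST}
"""

# Records the zone serves today (e.g. exported from the zone file).
PUBLISHED = f"""
email.example.                   IN MX   10 mail.email.example.
_25._tcp.mail.email.example.     IN TLSA 3 1 1 {OLD_DIGEST.upper()}
_mta-sts.email.example.          IN TXT  "v=STSv1; id=20240101"
"""

def parse_records(text):
    """Return {(owner, type): {rdata, ...}} from 'name IN TYPE rdata' lines."""
    rrsets = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        rdata = " ".join(rdata.split())          # collapse spacing differences
        if rtype.upper() == "TLSA":
            rdata = rdata.lower()                # hex digests are case-insensitive
        rrsets[(owner.lower().rstrip("."), rtype.upper())].add(rdata)
    return rrsets

def classify(expected_text, published_text):
    expected, published = parse_records(expected_text), parse_records(published_text)
    report = {"missing": [], "stale": [], "current": []}
    for key in sorted(expected):
        if key not in published:
            status = "missing"                   # record set must be added
        elif expected[key] <= published[key]:
            status = "current"                   # extra old rdata is tolerated
        else:
            status = "stale"                     # published, but with old rdata
        report[status].append(" ".join(key))
    return report

if __name__ == "__main__":
    print(classify(EXPECTED, PUBLISHED))
```

Treating a published superset as current means an old TLSA digest left in place during a rollover is not reported as a problem; only a missing expected value is.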