Hello! I have been tracking MAAS’s development for some time and I have a feature request.
Since MAAS can provide and manage Dynamic DNS, I think there is a great opportunity to use ACME or simply a cloud-int process to generate and maintain a SSL certificate for the MAAS subdomain. The benefit is that a MAAS Root CA or user provided intermediate CA certificate can create hosts with a pre-generated xyz-abc.maas certificate and maintain said certificates (re-new,re-issue,revoke, OCSP provider …etc). Potentially also provide ACME functionality and ACME proxying functionality to allow for Lets’ encrypt and other Certificate authorities to automate the deployment of fully functioning SSL certificates on each host.
Obviously you could do this using any number of other methods however the opportunity here is to make use of the host configuration and maintenance tools being in the same place.
No follow up with me is needed, just food for thought.