• letsencrypt certs for disconnected hosts (Was Re: update-ca-certificate

    From Andy Smith@21:1/5 to Charles Curley on Thu Dec 14 13:20:01 2023
    Hello,

    On Wed, Dec 13, 2023 at 07:50:00PM -0700, Charles Curley wrote:
    > On Thu, 14 Dec 2023 09:34:37 +0800
    > jeremy ardley <jeremy.ardley@gmail.com> wrote:
    >
    > > You don't have to be your own CA. It's very easy to use letsencrypt
    > > to generate valid certificates for hosts even if they are not
    > > directly connected to the internet.
    >
    > Oooh, is there a writeup somewhere on how to do that? The last time I
    > looked, I couldn't find one. But that was a while ago.

    Normally you do it with DNS-01 challenges, which you answer by
    (programmatically) putting something in your DNS zone, either by RFC
    compliant DNS update or by using an API plugin for your DNS
    provider. By this means you can get a certificate for anything that
    is in (your part of) the global DNS.

    Any of the letsencrypt clients should have decent documentation of
    DNS-01 challenges. I really like acme.sh in preference to certbot.

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting
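
The DNS-01 answer described in the message above, worked through as an added example (not part of the original post, and not code from acme.sh or certbot): it derives the TXT record an ACME server looks up under RFC 8555 section 8.4 and emits the matching RFC 2136 update as nsupdate(1) input. The host name, zone, server, token and account key below are constructed placeholders.

```python
import base64, hashlib, json

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())

def dns01_record(identifier: str, token: str, account_jwk: dict):
    """Return (owner name, TXT value) that proves control of `identifier`."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    value = b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())
    # A wildcard identifier is validated at the base name.
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base.rstrip('.')}.", value

def nsupdate_script(server: str, zone: str, name: str, value: str,
                    action: str = "add", ttl: int = 60) -> str:
    """nsupdate(1) input that adds the record, or deletes exactly this value.

    Deleting by value leaves other pending challenges at the same name alone
    (for example example.com and *.example.com on one certificate).
    """
    if action == "add":
        update = f'update add {name} {ttl} TXT "{value}"'
    elif action == "delete":
        update = f'update delete {name} TXT "{value}"'
    else:
        raise ValueError("action must be 'add' or 'delete'")
    return "\n".join([f"server {server}", f"zone {zone}", update, "send", ""])

# Constructed sample data: not a real account key or a real challenge token.
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": "c2FtcGxlLXgtY29vcmRpbmF0ZS1ub3QtYS1yZWFsLWtleQ",
               "y": "c2FtcGxlLXktY29vcmRpbmF0ZS1ub3QtYS1yZWFsLWtleQ"}
TOKEN = "constructed-token-0123456789abcdef"

if __name__ == "__main__":
    # The host only needs a name in a public zone; it is never contacted.
    name, value = dns01_record("nas.lan.example.com", TOKEN, ACCOUNT_JWK)
    print(nsupdate_script("ns1.example.com", "example.com", name, value))
```

The printed text is what would be fed to nsupdate with a TSIG key scoped to the `_acme-challenge` names; an ACME client with a DNS plugin performs the same steps itself.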
