(github.com)

246 points nh2 | 1 comments | 18 Oct 24 06:10 UTC | HN request time: 0s | source

Show context

ndsipa_pomu ◴[22 Oct 24 08:36 UTC] No.41912342[source]▶

I prefer to assign an external name to an internal device and grab a free SSL cert from LetsEncrypt, but using DNS challenge instead as internal IP addresses aren't reachable by their servers.

replies(9): >>41912368 #>>41912827 #>>41913126 #>>41913387 #>>41913720 #>>41913826 #>>41916306 #>>41917079 #>>41917804 #

djhworld ◴[22 Oct 24 10:10 UTC] No.41912827[source]▶

>>41912342 #

I last looked at LetsEncrypt maybe 8-9 years ago, I thought it was awesome but not suitable for my internal stuff due to the http challenge requirement, so I went down the self signed CA route and stuck with that, and didn’t really keep up with developments in the space

It was only until recently someone told me about the DNS challenge and I immediately ported everything over with a wildcard cert - its been great!

replies(1): >>41914886 #

1. bmicraft ◴[22 Oct 24 14:53 UTC] No.41914886[source]▶

>>41912827 #

They've introduced the dns challenge almost 9 years ago, you must have barely missed it!

↑

Just want simple TLS for your .internal network?