Comment on A bit of my selfhost journey [that no one asked about]
aMockTie@lemmy.world 2 weeks ago
Cheers to your journey so far, and to your continued success!
You can absolutely do free SSL certs with Let’s Encrypt without exposing your infrastructure to the internet. Just use DNS based validation instead of HTTP, copy the required TXT records to your domain as instructed, wait for any cache/TTL of any old records to expire (generally 1-2 hours by default), and finally complete the validation.
You’ll need to renew the certs every 3 months, which could be annoying if done manually. If your Registrar has a decent API, writing a script could be a fun automation project. Alternatively I can also send you scripts that I used to use for that purpose.
InternetCitizen2@lemmy.world 2 weeks ago
Whoa thanks for that nugget of knowledge. Sounds like something I was searching but didn’t run into.
aMockTie@lemmy.world 2 weeks ago
Happy to help!
You can find a bit more information at the URL below, and feel free to message me if you run into any issues getting it set up.
https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
InternetCitizen2@lemmy.world 2 weeks ago
Will do ☺️
Lv_InSaNe_vL@lemmy.world 1 week ago
They also have a bunch of integrations already built in! I use Cloudflare so all you gotta do is throw an API key into the config file and it does the rest. Which is nice cause DNS records can take some time to propagate