Comment on SSL certificates for things inside the lab
stratself@lemdro.id 3 days ago
Look into the DNS-01 challenge, where instead of exposing 80/443, you obtain a cert by creating a TXT record for your domain. This requires your ACME client to support talking to your DNS provider’s API. For certbot they’re installable via plugins; for lego-acme many providers are included.
starshipwinepineapple@programming.dev 2 days ago
This is what I do. Have certbot running every night, and it’ll auto skip if it is too soon to renew. If renew is successful then it’ll deploy. Pretty much set and forget it.
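For reference, what the DNS-01 challenge discussed in this thread actually puts in DNS, as an added example that is not from either commenter or from certbot/lego: it derives the `_acme-challenge` TXT record name and value per RFC 8555 section 8.4 and RFC 7638. The account key, token and host names are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import json

# RFC 7638: only these members of the account key go into the thumbprint.
_REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 over the required members, sorted by name, no whitespace."""
    members = {k: jwk[k] for k in _REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def txt_record_name(identifier: str) -> str:
    """A wildcard and its base name are validated at the same record name."""
    name = identifier.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return f"_acme-challenge.{name}"

def txt_record_value(token: str, account_jwk: dict) -> str:
    """base64url(SHA-256(token || '.' || account key thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())

# Constructed sample data: not a real account key, curve point or CA token.
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": b64url(bytes(range(32))),
    "y": b64url(bytes(range(32, 64))),
    "kid": "extra members like this are ignored by the thumbprint",
}
SAMPLE_TOKEN = b64url(b"constructed-token-for-example")

if __name__ == "__main__":
    for host in ("nas.lab.example.com", "*.lab.example.com"):
        print(txt_record_name(host), "TXT", txt_record_value(SAMPLE_TOKEN, SAMPLE_JWK))
```

The ACME client's DNS plugin publishes this value through the provider API, so the credential it holds can write records for the zone; where the provider allows it, scope that credential to TXT records under `_acme-challenge`.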