Roland0 wrote:
> ownership isn't required, you can also use e.g. a duckdns subdomain
> the subdomain / host name doesn't have to exist, and you can get
> wildcard certificates (so one can use e.g. *.internal.domain.com with a
> single SSL cert)
>

Let's Encrypt only offers wildcard certificates using the DNS-01 challenge, meaning that you must be able to control the DNS server to add/remove a TXT entry.

>
> The challenge takes a couple of seconds, so the webserver only has to be
> online for that. could be done with e.g. some dyndns, or just point the
> domain at the public ip for that time if you have one (or use a VPS,
> which one can get for ~2 EUR/month)
>

Yes, but that requires more programming skills and the point here is that people appear to expect that this could work out-of-the-box. It doesn't. Also don't forget that Let's Encrypt certificates are only valid for 90 days and thus you must repeat these actions regularly.

>
> An internal DNS proxy / server can map queries for the domain used in the
> certificate to the correct LAN IPs (*.internal.domain.com -> 192...). No
> public IP, and nothing is exposed to the outside.
>

You can also simply edit the hosts file (%windir%\system32\drivers\etc\hosts on Windows), either way I'm sure that by now we have lost the topic starter completely.

> I thought about that (using 'mkcert'
> (https://github.com/FiloSottile/mkcert)), but decided against it for a
> number of reasons (mainly the one you mentioned, but also since it
> generally seemed to be a huge hassle) (...)

:confused:

------------------------------------------------------------------------
gordonb3's Profile: http://forums.slimdevices.com/member.php?userid=71050
View this thread: http://forums.slimdevices.com/showthread.php?t=115555
