
letsencrypt certs for disconnected hosts (Was Re: update-ca-certificates)



Hello,

On Wed, Dec 13, 2023 at 07:50:00PM -0700, Charles Curley wrote:
> On Thu, 14 Dec 2023 09:34:37 +0800
> jeremy ardley <jeremy.ardley@gmail.com> wrote:
> 
> > You don't have to be your own CA. It's very easy to use letsencrypt
> > to generate valid certificates for hosts even if they are not
> > directly connected to the internet.
> 
> Oooh, is there a writeup somewhere on how to do that? The last time I
> looked, I couldn't find one. But that was a while ago.

Normally you do it with DNS-01 challenges, which you answer by
(programmatically) putting something in your DNS zone, either by RFC
compliant DNS update or by using an API plugin for your DNS
provider. By this means you can get a certificate for anything that
is in (your part of) the global DNS.

Any of the letsencrypt clients should have decent documentation of
DNS-01 challenges. I really like acme.sh in preference to certbot.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

