
©2025 Poal.co


This looks handy. I never bothered to really look into this, but it would be great to use for non-internet-connected systems I have in the homelab that use "real" domains, since I do split DNS.

Archive: https://archive.today/a3BU1

From the post:

>So, you have a service that needs a TLS certificate. A convenient way to get a certificate is to utilize a certificate authority that supports the ACME protocol. For example Let’s Encrypt. Below, I will refer to this as the ACME server. The ACME server has no idea who you really are. But they can verify that you are affiliated with the domains in question. During the ordering process they will issue a challenge so that you can assert that technically you control the domain names that you’re requesting a certificate for. If your service is on the Internet and talks HTTP, the process is quite straight-forward. The service will be reachable via a public IP address. On port 80, the ACME client will respond to requests on a URL that follows a certain pattern, and when the ACME server has verified that the URL contains the correct response data, it will mint your certificate. This is the HTTP-01 challenge, one of two challenges defined in RFC 8555. On their website, Let’s Encrypt provides clear descriptions of the challenge types they support and those descriptions are a bit easier to digest than the RFC itself.
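
Added example, not part of the original post or the linked article: the HTTP-01 exchange the quote describes, following RFC 8555 and RFC 7638. It builds the URL path the ACME server fetches and the key authorization it expects in the body; the account key and token are sample values chosen for illustration.

```python
import base64
import hashlib
import hmac
import json
import re

# Sample values for illustration only (assumptions, not from the post).
ACCOUNT_JWK = {
    "kty": "EC", "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
}
TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")  # base64url alphabet, no padding
THUMBPRINT_MEMBERS = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, keys sorted, no whitespace."""
    members = {k: jwk[k] for k in THUMBPRINT_MEMBERS[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def check_token(token: str) -> str:
    # A token containing '/' or '.' must never be turned into a webroot file path.
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not base64url")
    return token

def challenge_path(token: str) -> str:
    """Path the ACME server requests over plain HTTP on port 80."""
    return "/.well-known/acme-challenge/" + check_token(token)

def key_authorization(token: str, jwk: dict) -> str:
    """Body the ACME client must serve: token, a dot, the account key thumbprint."""
    return check_token(token) + "." + jwk_thumbprint(jwk)

def server_accepts(body: bytes, token: str, jwk: dict) -> bool:
    """Validation as the ACME server does it; trailing whitespace is ignored."""
    expected = key_authorization(token, jwk).encode("ascii")
    return hmac.compare_digest(body.rstrip(), expected)

if __name__ == "__main__":
    print(challenge_path(TOKEN))
    print(key_authorization(TOKEN, ACCOUNT_JWK))
```

Because the response is bound to the account key thumbprint, a host that merely serves the token cannot pass validation for a different ACME account.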

[–] 0 pt

Here I thought this was going to be about the road runner and the coyote