• Chewy
    29 months ago

    The DNS-01 challenge [1] allows for issuing SSL certificates without a publicly routable IP address. It needs API support from your DNS provider to automate it, but e.g. lego [2] supports many services.

    I personally leave my Wireguard VPN always on, but as it's only routing the local subnet with my services, it doesn't even appear in my battery statistics.

    [1] https://letsencrypt.org/docs/challenge-types/#dns-01-challenge

    [2] https://github.com/go-acme/lego

    • @[email protected]
      29 months ago

      Thank you for the info and the links. That seems like a more sensible approach. Hope to try it out after the work week is done.