+1 to Let’s Encrypt and certbot, but pro tip: remember to actually set up certbot, or your friends will laugh at you when your systems all break 6 months later…
Comment on Just another "we are all going to die" prediction
dan@upvote.au 4 days ago
Debian is ready - as of the latest release, all software in the official repo is being compiled with 64-bit time. wiki.debian.org/ReleaseGoals/64bit-time
MSBBritain@lemmy.world 4 days ago
BCsven@lemmy.ca 4 days ago
Sadly the 32bit NAS is stuck at Wheezy, Jessie if you mess around, as the kernel is too big otherwise.
groet@feddit.org 4 days ago
Many people (me included) like the appeal of a self-signed cert in a small homelab. You basically get certificate pinning for free after you trust the cert on all clients.
With your idea, you either have to list a local IP in your public DNS record, or hijack your local DNS to point to the local IP. Both feel inelegant. And you have to give your NAS write access to your API key of your DNS registrar.
dan@upvote.au 4 days ago
The DNS records for your internal servers don’t have to be public - they can be only on an internal DNS server if you want to do that. Only the _acme-challenge subdomain has to be public. Let’s Encrypt does follow CNAMEs. You can use a separate DNS server just for Let’s Encrypt, as it follows CNAMEs. I use acme-dns for this. Let’s Encrypt supports IPv6-only DNS servers so I have my acme-dns instance listening on an IPv6 address in the /64 range on one of my VPSes.
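
An added example, not part of the thread: a small offline audit of a public zone for the setup discussed above, checking that no private address is published and that each internal host's _acme-challenge name is a CNAME into the acme-dns zone. All hostnames, the acme-dns zone name and the record data are constructed, and requiring delegation is an assumed local policy.

```python
import ipaddress

# Constructed sample: records visible in the PUBLIC zone, as (name, type, value).
PUBLIC_ZONE = [
    ("_acme-challenge.nas.home.example.com", "CNAME", "d420c923.auth.acme-dns.example.net."),
    ("_acme-challenge.pi.home.example.com", "CNAME", "pi-challenge.home.example.com."),
    ("media.home.example.com", "A", "192.168.1.20"),
    ("www.example.com", "A", "203.0.113.10"),
]
# Hosts that should resolve only on the internal DNS server (constructed).
INTERNAL_HOSTS = ["nas.home.example.com", "pi.home.example.com", "media.home.example.com"]
ACME_DNS_ZONE = "auth.acme-dns.example.net"  # assumed zone served by acme-dns

# RFC 1918, link-local and IPv6 unique-local ranges.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")

def audit(zone, internal_hosts, acme_zone):
    """Return a list of (finding, name) tuples for the public zone."""
    findings = []
    cnames = {norm(n): norm(v) for n, t, v in zone if t == "CNAME"}
    # 1. No internal address should be published in public DNS.
    for name, rtype, value in zone:
        if rtype in ("A", "AAAA"):
            ip = ipaddress.ip_address(value)
            if any(ip in net for net in PRIVATE_NETS):
                findings.append(("private-address-exposed", norm(name)))
    # 2. Each internal host needs a public challenge CNAME into acme-dns,
    #    so the host never holds registrar API credentials (assumed policy).
    for host in internal_hosts:
        target = cnames.get("_acme-challenge." + norm(host))
        if target is None:
            findings.append(("no-challenge-cname", norm(host)))
        elif not target.endswith("." + norm(acme_zone)):
            findings.append(("challenge-not-delegated", norm(host)))
    return findings

if __name__ == "__main__":
    for finding, name in audit(PUBLIC_ZONE, INTERNAL_HOSTS, ACME_DNS_ZONE):
        print(f"{finding}: {name}")
```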