nullwarp 4 days ago

I use DNS verification for this; then the server doesn't even need to be exposed to the internet.

magicalhippo 3 days ago | parent | next [-]

And if changing the DNS entry is problematic, for example the DNS provider used doesn't have an API, you can redirect the challenge to another (sub)domain which can be hosted by a provider that has an API.

I've done this and it works very well. I had a Digital Ocean droplet so used their DNS service for the challenge domain.

https://letsencrypt.org/docs/challenge-types/#dns-01-challen...
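A check for the delegation described in the comment above, as an added example that is not part of the original thread: it follows the CNAME chain from the `_acme-challenge` name and confirms the TXT record lands inside the zone the ACME client is allowed to update. The record set, the `example.com`/`example.net` names and the function names are constructed for illustration; a real audit would fill `RECORDS` from live DNS lookups.

```python
# Constructed sample records; example.com / example.net are placeholders.
RECORDS = {
    ("_acme-challenge.www.example.com.", "CNAME"): ["www.example.com.acme.example.net."],
    ("www.example.com.acme.example.net.", "TXT"): ["constructed-token-digest"],
    ("_acme-challenge.loop.example.com.", "CNAME"): ["_acme-challenge.loop.example.com."],
}

def challenge_name(domain):
    """Name queried for dns-01; a wildcard shares the base domain's name."""
    d = domain.lower().rstrip(".")
    if d.startswith("*."):
        d = d[2:]
    return f"_acme-challenge.{d}."

def resolve_txt_owner(domain, records, max_hops=8):
    """Follow CNAMEs from the challenge name; return (final_name, chain)."""
    name = challenge_name(domain)
    chain = [name]
    for _ in range(max_hops):
        target = records.get((name, "CNAME"))
        if not target:
            return name, chain
        name = target[0].lower()
        if name in chain:
            raise ValueError("CNAME loop at " + name)
        chain.append(name)
    raise ValueError("CNAME chain too long")

def check_delegation(domain, records, challenge_zone):
    """Confirm the challenge lands inside the zone the ACME client can update."""
    owner, chain = resolve_txt_owner(domain, records)
    zone = challenge_zone.lower().rstrip(".") + "."
    in_zone = owner == zone or owner.endswith("." + zone)
    return {"owner": owner, "hops": len(chain) - 1, "in_zone": in_zone,
            "has_txt": (owner, "TXT") in records}
```

An `in_zone` of `False` means the API credentials for the challenge zone cannot satisfy the challenge for that name, or that the name points somewhere nobody intended.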

samgranieri 2 days ago | parent | prev [-]

I use dns01 in my homelab with step-ca. Works like a charm, and it's my private certificate authority.