JoshTriplett 2 days ago
Certbot is definitely one of the strongest arguments against ACME and Let's Encrypt. Personally, I find that tls-alpn-01 is even nicer than dns-01. You can run a web server (or reverse proxy) that listens to port 443, and nothing else, and have it automatically obtain and renew TLS certificates, with the challenges being sent via TLS ALPN over the same port you're already listening on. Several web servers and reverse proxies have support for it built in, so you just configure your domain name and the email address you want to use for your Let's Encrypt account, and you get working TLS.
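What the CA checks in the tls-alpn-01 handshake on port 443, following RFC 8737, shown as an added example that is not part of the original comments. The JWK, token and function names are constructed for illustration; a real server would embed the computed value in a self-signed challenge certificate.

```python
import base64
import hashlib
import hmac
import json

ACME_TLS_ALPN = "acme-tls/1"                 # ALPN protocol name from RFC 8737
ACME_IDENTIFIER_OID = "1.3.6.1.5.5.7.1.31"   # id-pe-acmeIdentifier, must be critical

# Constructed sample values, not real account material.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "c2FtcGxlLXgtY29vcmRpbmF0ZS0wMDAwMDAwMDAwMDA",
              "y": "c2FtcGxlLXktY29vcmRpbmF0ZS0wMDAwMDAwMDAwMDA",
              "kid": "ignored-by-thumbprint"}
SAMPLE_TOKEN = "constructed-token-0123456789"


def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: required members only, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """Challenge token bound to the ACME account key."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def acme_identifier_value(token: str, jwk: dict) -> bytes:
    """DER OCTET STRING wrapping SHA-256(key authorization)."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return bytes([0x04, len(digest)]) + digest


def challenge_cert_ok(alpn: str, san_dns: list, ext_value: bytes,
                      ext_critical: bool, domain: str, token: str, jwk: dict) -> bool:
    """Validator-side checks on the handshake made with SNI set to `domain`."""
    return (alpn == ACME_TLS_ALPN
            and san_dns == [domain]          # exactly one SAN, the validated name
            and ext_critical
            and hmac.compare_digest(ext_value, acme_identifier_value(token, jwk)))
```

Because the extension value depends on the account key thumbprint, a certificate prepared under a different ACME account fails the comparison even if the token is known.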
Shadowmist 2 days ago
Does this only work if LE can reach port 443 on one of your servers/proxies?