• Elvith Ma'for@feddit.org
      6·
      1 day ago

      Does Trafik also allow DNS based challenges with additional certbot plugins, or does it only work by serving a challenge in /.well-known/?

      I’ve set up my internal homelab with LE certificates, but if I could get rid of certbot and do this automagically, it’d be nice…

      • Rob Bos@lemmy.caEnglish
        4·
        21 hours ago

        Not all dns providers support acme, I’ve discovered to my recent annoyance. The one I use at work, for instance.

          • Rob Bos@lemmy.caEnglish
            2·
            15 hours ago

            Yeah. For wildcard DNS from letsencrypt, you can’t do HTTP validation, only DNS, which involves creating a TXT record.

            Your DNS provider needs to run an ACME server, which runs an API that’ll add the required TXT records on request.

            As I understand it.

            • Elvith Ma'for@feddit.org
              1·
              13 minutes ago

              The DNS provider needs to provide an API, but not an ACME server.

              Your server contacts Lets Encrypt and wants a certificate - say for homeserver.example.com. It tells Let’s Encrypt to use DNS based authentication. Let’s encrypt answers with a challenge code, that you now publish as a txt record with a defined name via your providers API for this (sub)domain. Let’s encrypt then checks the TXT record and if it finds the challenge there, it sends you the certificate.

      • Dhs92@programming.dev
        7·
        1 day ago

        I have it setup to use DNS challenges through Cloudflare, but it supports different providers as well. I just add the labels to my docker container and voila, I have TLS