| acme-dns-certbot-joohoi | certbot_dns_duckdns |
|---|---|
| 3 | 1 |
| 208 | 65 |
| - | - |
| 0.0 | 7.0 |
| 13 days ago | 4 months ago |
| Python | Python |
| MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
acme-dns-certbot-joohoi
-
Is it okay to use letsencrypt for internet-facing websites? I was going to buy a digicert cert. What are the downsides to letsencrypt vs paid public CAs?
Check this out https://github.com/joohoi/acme-dns-certbot-joohoi
-
my solution to domain, certificates, ports etc (zero cost and no external server or third-party service needed)
We can use a tool such as certbot to get certificates from Let's Encrypt (in the traditional way), and to get one using the DNS-01 challenge you can use something like acme-dns-certbot. Even further, the addition of the TXT DNS record can be automated using a provider-specific (in our case duckdns) tool/plugin, for example certbot_dns_duckdns.
-
Ask HN: What's your solution for SSL on internal servers?
DNS alias mode:
* https://dan.langille.org/2019/02/01/acme-domain-alias-mode/
* https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mo...
* https://www.eff.org/deeplinks/2018/02/technical-deep-dive-se...
You want the name "internal.example.com". In your external DNS you create a CNAME from "_acme-challenge.internal.example.com" and point it to (e.g.) "internal.example.net" or "internal.dns-auth.example.com"
When you request the certificate you specify the "dns-01" method. The issuer (e.g., LE) will go to the external DNS server for the lookup, see that it is a CNAME and then follow the CNAME/alias, and do the verification at the final hostname.
So your ACME client has to do a DNS (TXT) record update, which can often be done via various APIs, e.g.:
* https://github.com/AnalogJ/lexicon
You can even run your own DNS server locally (in a DMZ?) if your DNS provider does not have a convenient API. There are servers written for this use case:
* https://github.com/joohoi/acme-dns
* https://github.com/joohoi/acme-dns-certbot-joohoi
* https://github.com/pawitp/acme-dns-server
certbot_dns_duckdns
-
my solution to domain, certificates, ports etc (zero cost and no external server or third-party service needed)
We can use a tool such as certbot to get certificates from Let's Encrypt (in the traditional way), and to get one using the DNS-01 challenge you can use something like acme-dns-certbot. Even further, the addition of the TXT DNS record can be automated using a provider-specific (in our case duckdns) tool/plugin, for example certbot_dns_duckdns.
What are some alternatives?
acme-dns-server - Simple DNS server for serving TXT records written in Python
ddns-updater - Container to update DNS records periodically with WebUI for many DNS providers
lexicon - Manipulate DNS records on various DNS providers in a standardized way.
dyndns - Small, simple, and generic dynamic DNS client
mkcert - A simple zero-config tool to make locally trusted development certificates with any names you'd like.
docker-nginx-certbot - Automatically create and renew website certificates for free using the Let's Encrypt certificate authority.
acme.sh - A pure Unix shell script implementing ACME client protocol
GoDNS - A dynamic DNS client tool that supports AliDNS, Cloudflare, Google Domains, DNSPod, HE.net & DuckDNS & DreamHost, etc, written in Go.
hancock - a simple certificate manager
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.