Let's Encrypt now supports ACME-CAA: closing the DV loophole

• Caddy

  402 53,718 9.5 Go

  Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

  

> So I can spend some time preparing this DNS configuration and then writing simple cronjob to fetch certificate every day and restart apache.

> That would be vastly superior to current certbot horror and as secure.

Have you looked at Apache's mod_md, which allows you to integrate with ACME providers without certbot?

Here's the documentation, it's available since Apache 2.4.30: https://httpd.apache.org/docs/2.4/mod/mod_md.html

I actually wrote a blog post about using Apache for that and other things, and moved my personal workloads over to it (still using Nginx and other servers at work): https://blog.kronis.dev/tutorials/how-and-why-to-use-apache-...

In short, in addition to having lots of useful modules, Apache has recently gotten the aforementioned ACME functionality, which makes it a bit more easy to use, like how web servers like Caddy also have "automatic HTTPS" functionality: https://caddyserver.com/

I'm yet to find a good self-hosted WAF solution, since mod_security doesn't seem popular or documented enough, even though it is better than nothing.

• lego

  55 7,290 8.9 Go

  Let's Encrypt/ACME client and library written in Go

  

https://go-acme.github.io/lego/

Once you have Cloudflare (or one of many other options) set up it works as easily as you describe. And no port 80 open or special snowflake reverse proxy rules.

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

Suggest a related project