Hi Conrad
On 30/10/17 13:06, Conrad Wood wrote:
>
> Thank you. I am quite aware of Let's Encrypt. It doesn't quite fit my
> use case, specifically:
>
> a) it's a pain if you're running several servers, some of which don't
> have webservers, thus callbacks become annoying. (e.g. mailservers/vpn-
> servers/voip servers etc)
There is the DNS-01 option, which I've used for servers that have LAN-only
connectivity at work. There are lots of examples available on this page:
https://github.com/lukas2511/dehydrated/wiki/Examples-for-DNS-01-hooks
Personally I have used this one with Gandi with good results:
https://github.com/AnalogJ/lexicon
> b) it is only trusted somewhat widely for web, but mail clients (apple-
> mail & iPhone) seem to not accept it for email just as readily. Nor
> does it work for gRPC or OpenVPN very well.
I have used their certificates successfully for a mail server, an IRC bouncer
and OpenVPN, and both Android and iPhone clients.
Just a thought, until Bitfolk offer a CA.
Rgds
Peter.