> > a) it a pain if you're running several servers, some of which don't
> > have webservers, thus callbacks become annoying. (e.g.
> > mailservers/vpn-
> > servers/voip servers etc)
>
> There is the DNS-01 option which I've use for servers that have LAN
> only connectivity at work, there is lots of examples available on
> this page:
>
> https://github.com/lukas2511/dehydrated/wiki/Examples-for-DNS-01-hook
> s
>
> Personally I have used this one with Gandi with good results:
>
> https://github.com/AnalogJ/lexicon
>
> > b) it is only trusted somewhat widely for web, but mail clients
> > (apple-
> > mail & iPhone) seem to not accept it for email just as readily. Nor
> > does it work for gRPC or OpenVPN very well.
>
> I have used their certificates successfully for mail server, IRC
> bouncer and OpenVPN and both Android and iPhone clients.
>
> Just a thought, until Bitfolk offer a CA
I totally agree with a) is possible (it's kind of what I do atm) - it
might just be me who prefers this as a managed service. less scripts,
less stuff to monitor and basically more time to do other stuff :)
I'm somewhat surprised about your message re iPhone phones. Didn't it
pop up on your users' phones and ask them irritating messages?
Especially, my users are concerned because it popped up a rather
prominent message that it's insecure because the issuer is not trusted.
I assumed - perhaps incorrectly - that LetsEncrypt isn't trusted by
iPhones.
