Re: [bitfolk] Check your certificates!

Author: William Anderson
Date:  
To: BitFolk Users
Subject: Re: [bitfolk] Check your certificates!
On Sat, 30 May 2020 at 18:07, Andy Bennett <andyjpb@???> wrote:

> You should be able to get a Let's Encrypt certificate for such devices,
> even if they have private IP addresses, provided they have names in the
> Global DNS.
>
> The DNS-01 protocol (rather than HTTP-01) will allow you to prove the
> ownership of those names with DNS records.



Correct, but the CN on the cert doesn’t need to match a live record. ACME
DNS-01 uses a challenge TXT record to auth ownership, e.g.
_acme-challenge.example.com for an example.com cert.

I’ve provisioned loads of LE certs using DNS-01 before creating a DNS
record matching the CN.

-n
