On Sat, 30 May 2020 at 18:07, Andy Bennett <andyjpb(a)ashurst.eu.org> wrote:
> You should be able to get a Let's Encrypt certificate for such devices, even
> if they have private IP addresses, provided they have names in the Global
> DNS.
> The DNS-01 protocol (rather than HTTP-01) will allow you to prove the
> ownership of those names with DNS records.
Correct, but the CN on the cert doesn't need to match a live record. ACME
DNS-01 uses a challenge TXT record to auth ownership, e.g.
_acme-challenge.example.com for an example.com cert.
I've provisioned loads of LE certs using DNS-01 before creating a DNS
record matching the CN.
-n
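Added example, not part of the thread above: a small Python model of what the CA checks during an ACME DNS-01 validation (RFC 8555 section 8.4), computing the expected `_acme-challenge` TXT value from the challenge token and the account key's JWK thumbprint (RFC 7638), then looking it up in an in-memory zone instead of live DNS. The JWK coordinates and token are sample values, and the zone deliberately carries no A/AAAA record for the device name, which is the point the reply makes: the validated name only needs the challenge TXT record, not a live address record.

```python
"""Model of ACME DNS-01 validation against an in-memory zone (illustrative,
not a CA or client implementation). Key, token and zone are constructed."""

import base64
import hashlib
import json

# Sample public account key (JWK). Coordinates are illustrative values,
# not a key anyone holds.
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
}
# Sample challenge token of the form a CA hands out (constructed).
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 8555 requires everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of only the
    required public members, keys sorted, no whitespace."""
    required = {
        "RSA": ("e", "kty", "n"),
        "EC": ("crv", "kty", "x", "y"),
    }[jwk["kty"]]
    canonical = json.dumps(
        {k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":")
    )
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, jwk: dict) -> str:
    """TXT record content the CA expects:
    base64url(SHA-256(token + "." + thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("utf-8")).digest())


def challenge_name(identifier: str) -> str:
    """Owner name of the challenge record: _acme-challenge prepended to the
    validated name. A wildcard identifier is validated at its base name."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base}."


def build_zone(identifier: str, token: str, jwk: dict) -> dict:
    """Constructed zone: only the challenge TXT exists. The device name
    itself has no A/AAAA record, matching the scenario in the thread."""
    return {challenge_name(identifier): {"TXT": [dns01_txt_value(token, jwk)]}}


def validate_dns01(identifier: str, token: str, jwk: dict, zone: dict) -> bool:
    """Mimic the CA's check: some TXT at _acme-challenge.<name> must equal
    the expected value. Nothing about the name's own records is consulted."""
    expected = dns01_txt_value(token, jwk)
    records = zone.get(challenge_name(identifier), {}).get("TXT", [])
    return expected in records


def has_address_record(identifier: str, zone: dict) -> bool:
    """True if the name itself resolves (A or AAAA) in the zone."""
    rrsets = zone.get(f"{identifier}.", {})
    return bool(rrsets.get("A") or rrsets.get("AAAA"))


if __name__ == "__main__":
    name = "device-42.iot.example.com"  # constructed private-network device name
    zone = build_zone(name, SAMPLE_TOKEN, SAMPLE_JWK)
    print("challenge record:", challenge_name(name), zone[challenge_name(name)]["TXT"][0])
    print("validation passes:", validate_dns01(name, SAMPLE_TOKEN, SAMPLE_JWK, zone))
    print("name has A/AAAA:", has_address_record(name, zone))
```

Publishing the TXT record is all the challenge needs; the A record for the device (private IP or otherwise) can be created afterwards or never, which is exactly the ordering the reply describes.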