First, and foremost, thanks for this type of service. I’ve got my home machine setup with a public web server for (mostly) personal use. Up until I started using this service, I was using only a self-signed cert. Mostly a pain for people I introduce to my site, but, hey, I can now skip that particular instruction. Thanks!
My question revolves around the best practice setup for renewing certs in the case that my ISP decides to change my IP at whatever random interval.
Since certificates rely on IPs being the same, I need to find a way to safely satisfy getting a certificate from LE when my IP changes within a reasonable time frame (I’m thinking a poke at my router every 5 minutes), and if it changes, run the job to force a refresh on the cert.
Getting my public IP is simple enough, and I can handle that internally on my LAN or use http://checkip.dyndns.com/. My issue is the ‘not getting banned’ thing. How should I setup cron to do a weekly check, as well as run this custom script to force an update when a new IP is detected?
I’m running a brand new install of Debian 8.6 (Because I destroyed my last server with an unwanted distro upgrade) and have successfully got HTTPS going. Now, just the periodic updates so I don’t need to think about it. :]
I’ve installed the Certbot but I don’t see it has actually installed anything in any cron that I can see in /var/spool/cron