Can I use LetsEncrypt with my ISP & Domain hosting service?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: N8AAY.US

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Dotster

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Dotster

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

My ISP is: Starlink

"Can I use LetsEncrypt with my ISP & Domain hosting service?"
In short: Yes.

But I see that your domain is behind Cloudflare, which is already encrypted and can also easily provide encryption between them and your web server.
So, I'm not sure I understand the question/request sufficiently to be sure about my answer.

5 Likes

Thanks for the info. I also am not sure - I am a dabbler and simply wanting to learn how this all works. I am interested in hosting my own NAS (TrueNAS) and have seen instances of it running on a VM hosted on the web and behind SSL encryption. I realize that I do not need to have this function - it's just that I am curious as to how it gets put together. Beginning with my ISP that uses Carrier-Grade NAT; then onto my domain hosting (Dotster); then onto my LAN. I appreciate your input and discussing this better helps me understand it!

1 Like

CGNAT is going to shut you down from direct access to your LAN on the public internet. You will likely benefit from popping over to the Cloudflare Community to learn about using their tunnel. Your ACME client will need to use DNS-01 challenges for any internal hosts since they will be otherwise inaccessible.

8 Likes

Agreed, CGNAT is pretty much EXIT ONLY; no one [even you] while outside of your ISP/WiFi/LAN will be able to reach your private/hidden IP.

The only ways to overcome that are:

  • by using a VPN-type tunnel [see @linkp's CF recommendation]
  • by using IPv6 [if your ISP provides you with IPv6]
    but this path might exclude IPv4-only users

7 Likes

Very good on the information and recommendations. I am aware of Cloudflare and will discuss this issue there. Many thanks! /E

5 Likes
