How to verify domains in my case?

Overplay7975 · January 27, 2023, 10:03pm

My domain is: 2590bw.ddns.net (for now)

I ran this command: NA

It produced this output: NA

My web server is (include version): Don’t know.

The operating system my web server runs on is (include version): Linux: Ubuntu 20.04 LTS, other.

My hosting provider, if applicable, is: No-IP (for now)

I can login to a root shell on my machine (yes or no, or I don't know):Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):NA

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Don’t know.

Hi all,

I need general/guidance about how to use LE certificate to encrypt few of my internal resources.

I have a few devices with front-end web server, this includes:

Bitwarden

UPS management

Printers

Blue Iris VMS

Pfsense

Core switch

Unify portal

IP phones

I’m aware of an ACME communication via port 80 and this is my issue; I cannot do port forward.

I have No-IP domains, but I believe it does not support DNS records modifications via API…

If I get new domains from registrar that does support API. Do you think in my case I can use LE certificates successfully?

Thank you.

Bruce5051 · January 27, 2023, 10:12pm

Hello @Overplay7975, welcome to the Let's Encrypt community.

Here the 3 Challenge Types - Let's Encrypt supported, you mentioned potential issue with Port 80 and referenced DNS Records; so I am guessing the DNS-01 Challenge is what you are thinking of.

Here list some of the DNS providers who easily integrate with Let's Encrypt DNS validation, it is a good place to start.

And here is a list of some of the ACME Client Implementations - Let's Encrypt and there is this list https://acmeclients.com/ too.

It may turn out that there is a better Free ACME CA for you; here is a comparison of some ACME CA Comparison - Posh-ACME

Using Let's Debug the DNS-01 is OK https://letsdebug.net/2590bw.ddns.net/1352376

Bruce5051 · January 27, 2023, 10:15pm

Actually it is the DNS provider (which may or may not be your domain name registrar or hosting company) that needs the API. DNS providers who easily integrate with Let's Encrypt DNS validation

Very likely; however with your list of devices we will need more knowledgeable Let's Encrypt community volunteers to chime in on different parts.

Bruce5051 · January 27, 2023, 10:21pm

And there is another ACME Client not mentioned on those lists is CertSage ACME client (version 1.4.0) - easy webpage interface, optimized for cPanel, no commands to type, root not required by @griffin.

Overplay7975 · January 27, 2023, 10:29pm

Ok thank you for the info. I will get back to this later and will ask more/update!

rg305 · January 28, 2023, 1:35am

You can also redirect the DNS-01 authentication request via CNAMEs.
[check with NO-IP to see if they allow TXT record CNAMEs]
So, in effect, those requests can go anywhere you chose...
You can even host your own DNS server to satisfy them.

You don't need to buy a domain to get a free cert.

system · February 27, 2023, 1:36am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.