My domain is:
2590bw.ddns.net (for now)
I ran this command: NA
It produced this output: NA
My web server is (include version): Don’t know.
The operating system my web server runs on is (include version): Linux: Ubuntu 20.04 LTS, other.
My hosting provider, if applicable, is: No-IP (for now)
I can login to a root shell on my machine (yes or no, or I don't know):Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):NA
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Don’t know.
I need general/guidance about how to use LE certificate to encrypt few of my internal resources.
I have a few devices with front-end web server, this includes:
Blue Iris VMS
I’m aware of an ACME communication via port 80 and this is my issue; I cannot do port forward.
I have No-IP domains, but I believe it does not support DNS records modifications via API…
If I get new domains from registrar that does support API. Do you think in my case I can use LE certificates successfully?
@Overplay7975, welcome to the Let's Encrypt community.
Here the 3
Challenge Types - Let's Encrypt supported, you mentioned potential issue with Port 80 and referenced DNS Records; so I am guessing the DNS-01 Challenge is what you are thinking of.
Here list some of the
DNS providers who easily integrate with Let's Encrypt DNS validation, it is a good place to start.
And here is a list of some of the
ACME Client Implementations - Let's Encrypt and there is this list https://acmeclients.com/ too.
It may turn out that there is a better Free ACME CA for you; here is a comparison of some
ACME CA Comparison - Posh-ACME
Let's Debug the DNS-01 is OK https://letsdebug.net/2590bw.ddns.net/1352376
Actually it is the DNS provider (which may or may not be your domain name registrar or hosting company) that needs the API.
DNS providers who easily integrate with Let's Encrypt DNS validation
Very likely; however with your list of devices we will need more knowledgeable Let's Encrypt community volunteers to chime in on different parts.
Ok thank you for the info. I will get back to this later and will ask more/update!
January 28, 2023, 1:35am
You can also redirect the
DNS-01 authentication request via CNAMEs.
[check with NO-IP to see if they allow TXT record CNAMEs]
So, in effect, those requests can go anywhere you chose...
You can even host your own DNS server to satisfy them.
You don't need to buy a domain to get a free cert.
February 27, 2023, 1:36am
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.