Thanks to all the wonderful info here and on joohoi's GitHub, I think I have a basic understanding of setting up a self-hosted acme-dns server at home. But I have a few questions on the best practices for securing the installation. I think I will use certbot -> acme-dns-certbot-joohoi -> acme-dns docker instance.
I assume I will port-forward 53 from my firewall to the internal VM hosting the acme-dns server. I am loath to leave the server up with an open port 53 to the Internet, so I will get certbot to bring up the acme-dns instance as required. This seems easier than opening and closing the port on the actual firewall, which is on another machine and not particularly friendly to scripted (re-)configuration.
- Does this seem reasonable, or is there a better way, say ufw on the server (VM) to close the port, or something similar?
- Can acme-dns be persuaded to log who is talking to it over DNS? I can see the logs about what was asked, but not who was asking.
- Does LE work equally well on 53/udp only? If I turn off the acme-dns server and it is UDP only, it will be more of a 'black hole'.
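As an added illustration of the certbot-driven approach the post describes (this is example code, not part of the original post or of the acme-dns project), here is a pair of certbot pre/post hook functions that start the acme-dns container and open 53/udp in ufw only for the duration of a renewal, then close the port and stop the container again. The container name, the use of ufw as the VM firewall and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical): gate acme-dns behind certbot's renewal hooks
# so 53/udp is only exposed while certbot actually needs the DNS server.
# Assumes the container is called "acme-dns" and ufw is the VM firewall;
# the router still forwards 53/udp to this VM, ufw just refuses it in between.
# Wire it up with:
#   certbot renew --pre-hook  "/usr/local/sbin/acme-dns-gate.sh up" \
#                 --post-hook "/usr/local/sbin/acme-dns-gate.sh down"
# DRY_RUN=1 prints each command instead of running it (useful for testing
# the ordering on a machine without docker or ufw).
set -eu

CONTAINER="${ACME_DNS_CONTAINER:-acme-dns}"
DNS_PORT="${ACME_DNS_PORT:-53}"

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Pre-hook: start the server first, then open the port, so the port is
# never open without a responder behind it.
acme_dns_up() {
    run docker start "$CONTAINER"
    run ufw allow "${DNS_PORT}/udp"
}

# Post-hook: close the port first, then stop the server, for the same
# reason in reverse. Certbot runs the post-hook even if renewal failed.
acme_dns_down() {
    run ufw delete allow "${DNS_PORT}/udp"
    run docker stop "$CONTAINER"
}

if [ "$#" -gt 0 ]; then
    case "$1" in
        up)   acme_dns_up ;;
        down) acme_dns_down ;;
        *)    echo "usage: $0 up|down" >&2; exit 2 ;;
    esac
fi
```

Because the post-hook closes the port before stopping the container, an aborted renewal still leaves the VM with 53/udp blocked rather than half-open.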