this post was submitted on 16 Dec 2024
366 points (100.0% liked)
Technology
69211 readers
4007 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Interesting. I use LetsEncrypt largely for internal services, of which I expose a handful externally, and I've been thinking of only opening the external port mapping for cert renewals. With this at 90 days, I was planning on doing this once/month or so, but maybe I'll just go script it and try doing it every 2-3 days (and only leave the external ports open for the duration of the challenge/response).
I'm guessing my use-case is pretty abnormal, but it would be super cool if they had support for this use-case. I basically just want my router to handle static routes and have everything be E2EE even on my LAN. Shortening to 6 days is cool from a security standpoint, but a bit annoying for this use-case.
You can use DNS challenge to renew your certificates without opening ports! Have a look at acme.sh for automation.
Oh, awesome! I thought that was a manual process, so I've been using the regular method.
Looks like I have a new project for this weekend. My DNS is currently hosted at Cloudflare, so this should be pretty straightforward.
certbot has modules for most DNS providers as well.