Spyke
lemmy.world

So the other day I sat down trying to set up an SSL cert for my self-hosted services

52
Dhs92
programming.dev

Have you heard of our Lord and Savior, Traefik + ACME issuers?

23
feddit.org

Does Traefik also allow DNS based challenges with additional certbot plugins, or does it only work by serving a challenge in /.well-known/?

I’ve set up my internal homelab with LE certificates, but if I could get rid of certbot and do this automagically, it’d be nice…

6

I have it set up to use DNS challenges through Cloudflare, but it supports different providers as well. I just add the labels to my docker container and voila, I have TLS

7
rbos
lemmy.ca

Not all DNS providers support ACME, I've discovered to my recent annoyance. The one I use at work, for instance.

4
rbos
lemmy.ca

Yeah. For wildcard DNS from Let's Encrypt, you can't do HTTP validation, only DNS, which involves creating a TXT record.

Your DNS provider needs to run an ACME server, which runs an API that'll add the required TXT records on request.

As I understand it.

2
feddit.org

The DNS provider needs to provide an API, but not an ACME server.

Your server contacts Let's Encrypt and wants a certificate - say for homeserver.example.com. It tells Let's Encrypt to use DNS based authentication. Let's Encrypt answers with a challenge code that you now publish as a TXT record with a defined name via your provider's API for this (sub)domain. Let's Encrypt then checks the TXT record and if it finds the challenge there, it sends you the certificate.

1

Wouldn't the authentication API provided by your DNS host be the ACME server?

1

Might want to check out swag from linuxserver.io

It's a docker/kubernetes container image with a working certbot client in it.

4

Even if you're not using one, you should be instinctively looking for a semicolon the moment you get a syntax error unless you're a complete beginner.

2
lemmy.world

I’ve been trying and failing to fix an email being sent to spam issue since last fucking Monday (with all the SPF, DMARC and DKIM garbage).

I want to die.

17

SPF, DMARC and DKIM

Ironically, spam generators are experts EXPERTS in this trash fire of a topic

14

LoL, blue shirt has no persistence. Anger and giving up gets you nowhere.

::: spoiler Title text: 40% of OpenBSD installs lead to shark attacks. It's their only standing security issue. :::

13

Lying in bed thinking about the problem, "oh, that must be it!" Jump excitedly out of bed to work on the problem, "welp, that wasn't it."

8

My friend just finished a couple solid days of debugging where there turned out to be a whole series of problems that looked like one bug, so even though he kept fixing things the app still kept not working. Finally hacked his way out of that jungle into the bright light of day.

5
lemmy.ca

Reminder to all you chaos monkeys: use [Object object] on web forms occasionally for a bit of fun.

Edit: and to remind TypeScript devs they’re just transpiling to JavaScript

5

I shit you not I got that object object response with a 200 status.

1

Just later that day? Clearly, comic man doesn't have the cojones to fuck up as badly as I have.

4

My favorite so far:

$ gdb -ex 'file /bin/gdb'
run
corrupted double-linked list

Thread 1 "gdb" received signal SIGABRT, Aborted.
3
