This webpage provides instructions for using the acme-dns DNS challenge method with various ACME clients to obtain HTTPS certificates for private networks. Caddy, Traefik, cert-manager, acme.sh, LEGO and Certify The Web are listed as ACME clients that support acme-dns. For each client, configuration examples are provided that show how to set API credentials and other settings to use the acme-dns service at https://api.getlocalcert.net/api/v1/acme-dns-compat to obtain certificates. It is interesting that so many ACME clients support the acme-dns service, providing an easy way to obtain HTTPS certificates for private networks.
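
The summary above lists clients that differ only in how the acme-dns credentials are configured; underneath, every one of them performs the same exchange. The Python below is an added example, not code from getlocalcert, acme-dns or any of the listed clients: it computes the dns-01 TXT value the way RFC 8555 section 8.4 prescribes, shows the one-time CNAME delegation, and builds the acme-dns POST /update call with the credentials in the X-Api-User / X-Api-Key headers. The base URL, the account values and the domain are constructed placeholders, and a fake transport stands in for an HTTP client so it runs offline.

```python
import base64
import hashlib
import json
from typing import Callable, Dict, Tuple

# Constructed placeholder for illustration; the page names
# https://api.getlocalcert.net/api/v1/acme-dns-compat, but any acme-dns
# compatible server exposes the same /update route.
ACME_DNS_BASE_URL = "https://acme-dns.example.invalid"

# Constructed sample of what an acme-dns /register call hands back (field
# names as used by the acme-dns API); real values are issued by the server.
SAMPLE_ACCOUNT = {
    "username": "00000000-0000-0000-0000-000000000000",
    "password": "constructed-password-not-a-real-credential",
    "fulldomain": "abcdef01-2345-6789-abcd-ef0123456789.acme-dns.example.invalid",
    "subdomain": "abcdef01-2345-6789-abcd-ef0123456789",
}


def dns01_txt_value(key_authorization: str) -> str:
    """RFC 8555 section 8.4: the TXT value is base64url(SHA-256(keyAuthorization))
    with the padding stripped, which is always 43 characters."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def cname_record(domain: str, fulldomain: str) -> Tuple[str, str]:
    """The one-time DNS change: delegate _acme-challenge.<domain> to acme-dns so
    the CA follows the CNAME and reads the TXT record from the acme-dns zone.
    The private zone itself never needs a writable API."""
    return (f"_acme-challenge.{domain}", fulldomain)


def build_update_request(base_url: str, account: Dict[str, str], txt: str) -> Dict:
    """Shape of the acme-dns POST /update call: credentials travel in the
    X-Api-User / X-Api-Key headers, the record in the JSON body."""
    if len(txt) != 43:
        raise ValueError("acme-dns only accepts a 43-character TXT value")
    return {
        "method": "POST",
        "url": base_url.rstrip("/") + "/update",
        "headers": {
            "X-Api-User": account["username"],
            "X-Api-Key": account["password"],
            "Content-Type": "application/json",
        },
        "body": json.dumps({"subdomain": account["subdomain"], "txt": txt}),
    }


def fake_transport(request: Dict) -> Dict:
    """Stand-in for an HTTP client so the example runs offline: it echoes the
    record back the way acme-dns does on a successful update."""
    body = json.loads(request["body"])
    return {"status": 200, "json": {"txt": body["txt"]}}


def publish_challenge(domain: str, key_authorization: str, account: Dict[str, str],
                      send: Callable[[Dict], Dict] = fake_transport,
                      base_url: str = ACME_DNS_BASE_URL) -> Dict:
    """What an ACME client's acme-dns hook does for one dns-01 authorization:
    derive the TXT value, push it to acme-dns, and confirm the server stored it."""
    txt = dns01_txt_value(key_authorization)
    request = build_update_request(base_url, account, txt)
    response = send(request)
    if response["status"] != 200 or response["json"].get("txt") != txt:
        raise RuntimeError("acme-dns rejected the TXT update")
    return {
        "cname": cname_record(domain, account["fulldomain"]),
        "txt": txt,
        "request": request,
    }


if __name__ == "__main__":
    result = publish_challenge("intranet.example.com", "token.thumbprint", SAMPLE_ACCOUNT)
    print("CNAME needed once:", result["cname"])
    print("TXT published   :", result["txt"])
```

The point worth noticing for a private network is in `cname_record`: the internal zone only ever holds a static CNAME, so the credentials an ACME client stores are for the acme-dns account, which can only write that one TXT record, not for the DNS provider of the whole domain.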

HN https://news.ycombinator.com/item?id=36674224

seiferteric: Proposes an idea for automatically creating trusted certificates for new devices on a private network.

hartmel: Mentions SCEP which allows automatic certificate enrollment for network devices.

mananaysiempre: Thinks using EJBCA for this, as hartmel suggested, adds unnecessary complexity.

8organicbits: Describes a solution using getlocalcert which issues certificates for anonymous domain names.

austin-cheney: Has a solution using TypeScript that checks for existing certificates and creates them if needed, installing them in the OS and browser.

bruce511: Says automating the process is possible.

lolinder: Mentions Caddy will automatically create and manage certificates for local domains.

frfl: Uses Lego to get a Let’s Encrypt certificate for a local network website using the DNS challenge.

donselaar: Recommends DANE which works well for private networks without a public CA, but lacks browser support.

  • thedaly@reseed.it · 6 upvotes · 1 year ago

    Big fan of letsencrypt’s certbot with the nginx and cloudflare (or other dns providers) plugins.

    Is there any reason to use caddy or traefik over nginx?

    • lchapman@programming.dev · 5 upvotes · 1 year ago

      Caddy takes almost all of the nginx boilerplate and handles it for you.

      If you’re doing something simple in nginx, it’s far simpler with Caddy.

    • LedgeDrop@lemm.ee · 4 upvotes · 1 year ago

      I found traefik to be a more feature-rich load balancer when used in kubernetes environments. Other than use in kubernetes, I’d say if you’re happy with nginx, keep using nginx :)

    • steltek@lemm.ee · 1 upvote · 1 year ago

      I haven’t tried it yet but I vaguely recall traefik had a better proxy-auth setup while nginx locked it away behind their freemium plan.