HackerLangs
TopNewTrendsCommentsPastAskShowJobs

mrl5

122 karmajoined vor 4 Jahren

Submissions

TLS certificates for internal services done right

tuxnet.dev
178 points·by mrl5·vorgestern·140 comments

comments

mrl5
·vor 15 Stunden·discuss
TIL, thanks! This makes dns challange automation more approachable for me. I always had an issue with API keys which scope can't be limited to TXT records. This seems to be a nice workaround

... and it is even already documented at https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mo...
mrl5
·gestern·discuss
OP here. Actually I tried to use it but apparently prematurely -> https://github.com/acmesh-official/acme.sh/issues/7085#issue...

Once it's supported I think my next iteration will be DNS persist + internal ip addresses on the public zone.

Thank you all for comments and feedback! It's cool to see real interest in this blog post
mrl5
·vorgestern·discuss
I've documented how to securely set up TLS certificates for internal services without creating TLS issues for http clients downstream. All thanks to split-horizon DNS, WAF and ACME protocol. All for free!