HackerTrans
トップ新着トレンドコメント過去質問紹介求人

mrl5

122 カルマ登録 4 年前

投稿

TLS certificates for internal services done right

tuxnet.dev
180 ポイント·投稿者 mrl5·一昨日·142 コメント

コメント

mrl5
·19 時間前·議論
TIL, thanks! This makes dns challange automation more approachable for me. I always had an issue with API keys which scope can't be limited to TXT records. This seems to be a nice workaround

... and it is even already documented at https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mo...
mrl5
·一昨日·議論
OP here. Actually I tried to use it but apparently prematurely -> https://github.com/acmesh-official/acme.sh/issues/7085#issue...

Once it's supported I think my next iteration will be DNS persist + internal ip addresses on the public zone.

Thank you all for comments and feedback! It's cool to see real interest in this blog post
mrl5
·一昨日·議論
I've documented how to securely set up TLS certificates for internal services without creating TLS issues for http clients downstream. All thanks to split-horizon DNS, WAF and ACME protocol. All for free!