HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mrl5

123 karmajoined 4 ปีที่แล้ว

Submissions

TLS certificates for internal services done right

tuxnet.dev
181 points·by mrl5·เมื่อวานซืน·147 comments

comments

mrl5
·เมื่อวาน·discuss
TIL, thanks! This makes dns challange automation more approachable for me. I always had an issue with API keys which scope can't be limited to TXT records. This seems to be a nice workaround

... and it is even already documented at https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mo...
mrl5
·เมื่อวานซืน·discuss
OP here. Actually I tried to use it but apparently prematurely -> https://github.com/acmesh-official/acme.sh/issues/7085#issue...

Once it's supported I think my next iteration will be DNS persist + internal ip addresses on the public zone.

Thank you all for comments and feedback! It's cool to see real interest in this blog post
mrl5
·เมื่อวานซืน·discuss
I've documented how to securely set up TLS certificates for internal services without creating TLS issues for http clients downstream. All thanks to split-horizon DNS, WAF and ACME protocol. All for free!