Stefans Weblog<p>Für Home Assistant lässt sich mit dem Add-on Let's Encrypt ein eigenes SSL-Zertifikat erstellen, um die Kommunikation zwischen dem Server und den Clients abzusichern.</p><p><a href="https://strobelstefan.de/blog/2025/03/29/home_assistant_-_lets_encrypt_zertifikate_automatisch_erstellen.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">strobelstefan.de/blog/2025/03/</span><span class="invisible">29/home_assistant_-_lets_encrypt_zertifikate_automatisch_erstellen.html</span></a></p><p><a href="https://mastodon.social/tags/letsencrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>letsencrypt</span></a> <a href="https://mastodon.social/tags/acmesh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>acmesh</span></a> <a href="https://mastodon.social/tags/homeassistant" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homeassistant</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
mastodon.gamedev.place is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server focused on game development and related topics.
Administered by:
Server stats:
5.1Kactive users
mastodon.gamedev.place: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.8
#acmesh
0 posts · 0 participants · 0 posts today
Harald<p><span class="h-card" translate="no"><a href="https://fedi.arkadi.one/@tootbrute" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tootbrute</span></a></span> <span class="h-card" translate="no"><a href="https://c.im/@sbb" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>sbb</span></a></span> </p><p>In case you are interested how I solved having a publicly signed SSL certificate for a home server not connected to the Internet, here is what I did:</p><p><a href="https://codeberg.org/harald/Codeschnipselnotizen/src/branch/main/notes/Public_Cert_In_Home_Network.md" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/harald/Codeschnip</span><span class="invisible">selnotizen/src/branch/main/notes/Public_Cert_In_Home_Network.md</span></a></p><p>The downside: there seems to be no way without having a registered domain. It took me unnecessary time to accept this. The upside: taking the step to get yourself a domain is simpler and cheaper than I was aware of and with the right tool, the rest was easy enough.</p><p><a href="https://nrw.social/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://nrw.social/tags/homeserver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homeserver</span></a> <a href="https://nrw.social/tags/acmesh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>acmesh</span></a> <a href="https://nrw.social/tags/letsencrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>letsencrypt</span></a></p>
DrScriptt<p>I started a discussion with fellow <a href="https://oldbytes.space/tags/sysadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sysadmin</span></a> about updating <a href="https://oldbytes.space/tags/BIND" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BIND</span></a> / <a href="https://oldbytes.space/tags/named" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>named</span></a> config to migrate from the overly permissive allow-update {…} stanzas to the more restricted update-policy {…} stanzas using targeted grant statements.</p><p>The idea being to allow the <a href="https://oldbytes.space/tags/acme" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>acme</span></a> client to only be able to update (add / delete) _acme-challenge TXT instead of any record in the zone.</p><p>Old:</p><p>allow-update {<br> TSIG_KEY_NAME;<br>};</p><p>New:</p><p>update-policy {<br> grant TSIG_KEY_NAME name _acme-challenge.example.net TXT;<br>};</p><p><a href="https://oldbytes.space/tags/acmesh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>acmesh</span></a> <a href="https://oldbytes.space/tags/certbot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>certbot</span></a></p>
Olivier Mehani<p>New blog post: Renew DNS-01 Let’s Encrypt certificates with Acme.sh, Docker, SaltStack and Gandi LiveDNS</p><p>The HTTP-based challenge to issue LetsEncrypt certificates can’t be used for internal or non-HTTP servers. This post describes the use of acme.sh in Docker to issue and renew certificates over DNS via SaltStack.</p><p><a href="https://blog.narf.ssji.net/2024/09/30/renew-dns-01-lets-encrypt-certificates-with-acme-sh-docker-saltstack-and-gandi-livedns/" class="" rel="nofollow noopener noreferrer" target="_blank">https://blog.narf.ssji.net/2024/09/30/renew-dns-01-lets-encrypt-certificates-with-acme-sh-docker-saltstack-and-gandi-livedns/</a></p><p><a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/acme-sh/" target="_blank">#AcmeSh</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/docker/" target="_blank">#Docker</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/gandi-livedns/" target="_blank">#GandiLiveDNS</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/lets-encrypt/" target="_blank">#LetSEncrypt</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/pgp/" target="_blank">#PGP</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/saltstack/" target="_blank">#SaltStack</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/engineering/" target="_blank">#engineering</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/security/" target="_blank">#security</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/sysadmin/" target="_blank">#sysadmin</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/tip/" target="_blank">#tip</a></p>
Olivier Mehani<p>New blog post: Renew DNS-01 Let’s Encrypt certificates with Acme.sh, Docker, SaltStack and Gandi LiveDNS</p><p>The HTTP-based challenge to issue LetsEncrypt certificates can’t be used for internal or non-HTTP servers. This post describes the use of acme.sh in Docker to issue and renew certificates over DNS via SaltStack.</p><p><a href="https://blog.narf.ssji.net/2022/10/28/renew-dns-01-lets-encrypt-certificates-with-acme-sh-docker-saltstack-and-gandi-livedns/" class="" rel="nofollow noopener noreferrer" target="_blank">https://blog.narf.ssji.net/2022/10/28/renew-dns-01-lets-encrypt-certificates-with-acme-sh-docker-saltstack-and-gandi-livedns/</a></p><p><a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/acme-sh/" target="_blank">#AcmeSh</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/docker/" target="_blank">#Docker</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/gandi-livedns/" target="_blank">#GandiLiveDNS</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/lets-encrypt/" target="_blank">#LetSEncrypt</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/pgp/" target="_blank">#PGP</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/saltstack/" target="_blank">#SaltStack</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/wip/" target="_blank">#wip</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/engineering/" target="_blank">#engineering</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/security/" target="_blank">#security</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/sysadmin/" target="_blank">#sysadmin</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/tip/" target="_blank">#tip</a></p>
Olivier Mehani<p>New blog post: Renewn DNS-01 Let’s Encrypt certificates with Acme.sh, Docker, SaltStack and Gandi LiveDNS</p><p>The HTTP-based challenge to issue LetsEncrypt certificates can’t be used for internal or non-HTTP servers. This post describes the use of acme.sh in Docker to issue and renew certificates over DNS via SaltStack.</p><p><a href="https://blog.narf.ssji.net/2022/10/28/renewn-dns-01-lets-encrypt-certificates-with-acme-sh-docker-saltstack-and-gandi-livedns/" class="" rel="nofollow noopener noreferrer" target="_blank">https://blog.narf.ssji.net/2022/10/28/renewn-dns-01-lets-encrypt-certificates-with-acme-sh-docker-saltstack-and-gandi-livedns/</a></p><p><a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/acme-sh/" target="_blank">#AcmeSh</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/docker/" target="_blank">#Docker</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/gandi-livedns/" target="_blank">#GandiLiveDNS</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/lets-encrypt/" target="_blank">#LetSEncrypt</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/pgp/" target="_blank">#PGP</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/saltstack/" target="_blank">#SaltStack</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/wip/" target="_blank">#wip</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/engineering/" target="_blank">#engineering</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/security/" target="_blank">#security</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/sysadmin/" target="_blank">#sysadmin</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/tip/" target="_blank">#tip</a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload