#acmesh

Harald<p><span class="h-card" translate="no"><a href="https://fedi.arkadi.one/@tootbrute" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tootbrute</span></a></span> <span class="h-card" translate="no"><a href="https://c.im/@sbb" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>sbb</span></a></span> </p><p>In case you are interested in how I solved having a publicly signed SSL certificate for a home server not connected to the Internet, here is what I did:</p><p><a href="https://codeberg.org/harald/Codeschnipselnotizen/src/branch/main/notes/Public_Cert_In_Home_Network.md" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/harald/Codeschnip</span><span class="invisible">selnotizen/src/branch/main/notes/Public_Cert_In_Home_Network.md</span></a></p><p>The downside: there seems to be no way without having a registered domain. It took me unnecessary time to accept this. The upside: taking the step to get yourself a domain is simpler and cheaper than I was aware of and with the right tool, the rest was easy enough.</p><p><a href="https://nrw.social/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> <a href="https://nrw.social/tags/homeserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homeserver</span></a> <a href="https://nrw.social/tags/acmesh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acmesh</span></a> <a href="https://nrw.social/tags/letsencrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>letsencrypt</span></a></p>
DrScriptt<p>I started a discussion with fellow <a href="https://oldbytes.space/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sysadmin</span></a> about updating <a href="https://oldbytes.space/tags/BIND" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BIND</span></a> / <a href="https://oldbytes.space/tags/named" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>named</span></a> config to migrate from the overly permissive allow-update {…} stanzas to the more restricted update-policy {…} stanzas using targeted grant statements.</p><p>The idea being to allow the <a href="https://oldbytes.space/tags/acme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acme</span></a> client to only be able to update (add / delete) _acme-challenge TXT instead of any record in the zone.</p><p>Old:</p><p>allow-update {<br> TSIG_KEY_NAME;<br>};</p><p>New:</p><p>update-policy {<br> grant TSIG_KEY_NAME name _acme-challenge.example.net TXT;<br>};</p><p><a href="https://oldbytes.space/tags/acmesh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acmesh</span></a> <a href="https://oldbytes.space/tags/certbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certbot</span></a></p>
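An added example, not part of the post above and not BIND's or acme.sh's own code: a small audit that scans a named.conf fragment for zones where a TSIG key can still update any record, and prints the narrow `_acme-challenge` TXT grant to replace it. The zone names, the key name `acme-key` and the sample config are constructed; the parser assumes each zone block closes with `};` at column 0.

```python
import re

# Constructed sample named.conf fragment (zone and key names are made up).
SAMPLE_CONF = '''
zone "example.net" {
    type master;
    allow-update { key "acme-key"; };
};
zone "example.org" {
    type master;
    update-policy {
        grant acme-key name _acme-challenge.example.org. TXT;
    };
};
zone "example.com" {
    type master;
    update-policy { grant acme-key zonesub ANY; };
};
'''

# Simplified grammar: enough for an audit pass, not a full named.conf parser.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', re.S)
ALLOW_RE = re.compile(r'allow-update\s*\{(.*?)\}\s*;', re.S)
KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*;')
GRANT_RE = re.compile(r'grant\s+"?([\w.-]+)"?\s+(\S+)\s*([^;]*);')

def audit(conf):
    """Return (zone, finding, suggested_grant) for every over-broad update right."""
    findings = []
    for zone, body in ZONE_RE.findall(conf):
        challenge = f"_acme-challenge.{zone}"
        fix = "grant {} name " + challenge + " TXT;"
        allow = ALLOW_RE.search(body)
        if allow:  # any key listed here may add or delete any record in the zone
            for key in KEY_RE.findall(allow.group(1)):
                findings.append((zone, f"allow-update: key {key} can change any record",
                                 fix.format(key)))
        for key, ruletype, rest in GRANT_RE.findall(body):
            target = [tok.rstrip(".") for tok in rest.split()]  # tolerate FQDN dot
            if (ruletype, target) != ("name", [challenge, "TXT"]):
                findings.append((zone, f"grant for {key} is wider than {challenge} TXT",
                                 fix.format(key)))
    return findings

if __name__ == "__main__":
    for zone, finding, suggestion in audit(SAMPLE_CONF):
        print(f"{zone}: {finding}\n    suggest: update-policy {{ {suggestion} }};")
```
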
Olivier Mehani<p>New blog post: Renew DNS-01 Let’s Encrypt certificates with Acme.sh, Docker, SaltStack and Gandi LiveDNS</p><p>The HTTP-based challenge to issue LetsEncrypt certificates can’t be used for internal or non-HTTP servers. This post describes the use of acme.sh in Docker to issue and renew certificates over DNS via SaltStack.</p><p><a href="https://blog.narf.ssji.net/2024/09/30/renew-dns-01-lets-encrypt-certificates-with-acme-sh-docker-saltstack-and-gandi-livedns/" class="" rel="nofollow noopener" target="_blank">https://blog.narf.ssji.net/2024/09/30/renew-dns-01-lets-encrypt-certificates-with-acme-sh-docker-saltstack-and-gandi-livedns/</a></p><p><a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/acme-sh/" target="_blank">#AcmeSh</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/docker/" target="_blank">#Docker</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/gandi-livedns/" target="_blank">#GandiLiveDNS</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/lets-encrypt/" target="_blank">#LetSEncrypt</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/pgp/" target="_blank">#PGP</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/saltstack/" target="_blank">#SaltStack</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/engineering/" target="_blank">#engineering</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/security/" target="_blank">#security</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/sysadmin/" target="_blank">#sysadmin</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" 
href="https://blog.narf.ssji.net/category/tip/" target="_blank">#tip</a></p>
Thijs Alkemade<p>A Chinese CA was exploiting a command injection in a shell script implementing the ACME protocol, and they are now taking everything down? What?!</p><p>I can’t find if this CA was actually trusted by any browser, though.</p><p><a href="https://github.com/acmesh-official/acme.sh/issues/4659" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/acmesh-official/acm</span><span class="invisible">e.sh/issues/4659</span></a></p><p><a href="https://infosec.exchange/tags/acmesh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acmesh</span></a> <a href="https://infosec.exchange/tags/hica" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hica</span></a></p>
Olivier Mehani<p>New blog post: Renew DNS-01 Let’s Encrypt certificates with Acme.sh, Docker, SaltStack and Gandi LiveDNS</p><p>The HTTP-based challenge to issue LetsEncrypt certificates can’t be used for internal or non-HTTP servers. This post describes the use of acme.sh in Docker to issue and renew certificates over DNS via SaltStack.</p><p><a href="https://blog.narf.ssji.net/2022/10/28/renewn-dns-01-lets-encrypt-certificates-with-acme-sh-docker-saltstack-and-gandi-livedns/" class="" rel="nofollow noopener" target="_blank">https://blog.narf.ssji.net/2022/10/28/renewn-dns-01-lets-encrypt-certificates-with-acme-sh-docker-saltstack-and-gandi-livedns/</a></p><p><a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/acme-sh/" target="_blank">#AcmeSh</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/docker/" target="_blank">#Docker</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/gandi-livedns/" target="_blank">#GandiLiveDNS</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/lets-encrypt/" target="_blank">#LetSEncrypt</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/pgp/" target="_blank">#PGP</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/saltstack/" target="_blank">#SaltStack</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/wip/" target="_blank">#wip</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/engineering/" target="_blank">#engineering</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/security/" target="_blank">#security</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" 
href="https://blog.narf.ssji.net/category/sysadmin/" target="_blank">#sysadmin</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/tip/" target="_blank">#tip</a></p>
Olivier Mehani<p>New blog post: Renew DNS-01 Let’s Encrypt certificates with Acme.sh, Docker, SaltStack and Gandi LiveDNS</p><p>The HTTP-based challenge to issue LetsEncrypt certificates can’t be used for internal or non-HTTP servers. This post describes the use of acme.sh in Docker to issue and renew certificates over DNS via SaltStack.</p><p><a href="https://blog.narf.ssji.net/2022/10/28/renew-dns-01-lets-encrypt-certificates-with-acme-sh-docker-saltstack-and-gandi-livedns/" class="" rel="nofollow noopener" target="_blank">https://blog.narf.ssji.net/2022/10/28/renew-dns-01-lets-encrypt-certificates-with-acme-sh-docker-saltstack-and-gandi-livedns/</a></p><p><a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/acme-sh/" target="_blank">#AcmeSh</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/docker/" target="_blank">#Docker</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/gandi-livedns/" target="_blank">#GandiLiveDNS</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/lets-encrypt/" target="_blank">#LetSEncrypt</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/pgp/" target="_blank">#PGP</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/saltstack/" target="_blank">#SaltStack</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/tag/wip/" target="_blank">#wip</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/engineering/" target="_blank">#engineering</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/security/" target="_blank">#security</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" 
href="https://blog.narf.ssji.net/category/sysadmin/" target="_blank">#sysadmin</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://blog.narf.ssji.net/category/tip/" target="_blank">#tip</a></p>