Also wiki-fied, link above.
Now with extra wiki goodness.
Thinking about this a bit more…
I wrote this up in response to a feature request for built-in support for wildcard certs from Let’s Encrypt. I figured the hard part of that would be automating the required DNS updates (since everyone’s DNS is different), but that acme-dns could be rolled into the NethServer installation (or built into a module) to greatly simplify the process. But now I have another idea…
Nethesis could host acme-dns itself (perhaps as a subscription benefit). The only thing that would need to be added to the distro then would be:
- The Python hook script, configured to use Nethesis’ acme-dns instance, and
- A GUI element to prompt the user to create the appropriate CNAME entries when necessary
- (optionally) a way to validate that those CNAME entries are in fact created and active on the authoritative nameservers
Could I run acme-dns on NethServer itself?
Maybe as a Docker container
Of course–that’s what this write-up documents.
No doubt it could be done that way as well, though it seems to me like an unnecessary complication.