How to setup SSL on an Internal IP address
The big downsides to this approach are:
1. Your DNSd must have some programmatic API support
2. If your API key is leaked, then an attacker could control your DNS Zone. Oops. It’s probably best to create an API key for *.int.example.com to limit the blast radius.
That's up to the provider's permissions model.
— 🧗♂️ Matt Holt (@mholt6) March 28, 2021
3. Publishing internal, unreachable addresses in public DNS is discouraged; see https://tools.ietf.org/id/draft-ietf-dnsop-dontpublish-unreachable-01.txt
Here are the Caddy httpd DNS providers:
https://github.com/caddy-dns/
These are the DNS providers LetsEncrypt supports (that Caddy might not)
https://go-acme.github.io/lego/dns/
How I built Caddy with Cloudflare DNS support:
xcaddy build --with github.com/caddy-dns/cloudflare
My Caddyfile (configuration) looked like:
intyt.dabase.com {
    tls {
        # SECRET is a placeholder for the Cloudflare API token
        dns cloudflare SECRET
    }
}
Don’t mess up the config like I did initially 🤣 https://github.com/caddy-dns/cloudflare/issues/22#issuecomment-808051807
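Since a leaked DNS API key hands an attacker the zone, it is worth checking that the token is not sitting in the Caddyfile as a literal. The following audit script is an added example (not the post's or Caddy's own code): it walks a Caddyfile, finds every `dns <provider> <credential>` line inside a `tls` block, and flags credentials that are not `{env.VAR}` placeholders. The Caddyfile text inside it is constructed for the demo.

```python
"""Audit a Caddyfile for DNS-01 provider credentials stored inline."""
import re

# Constructed sample: first site hard-codes the token, second reads it from the environment.
SAMPLE_CADDYFILE = """
intyt.dabase.com {
    tls {
        dns cloudflare SECRET
    }
}
other.int.example.com {
    tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
}
"""

ENV_PLACEHOLDER = re.compile(r"^\{env\.[A-Za-z_][A-Za-z0-9_]*\}$")


def parse_dns_directives(text):
    """Return [(site, provider, credential)] for each dns line found in a tls block.

    A stack of open block names tracks nesting: the first open block is the site,
    and a dns line counts only when the innermost open block is ``tls``."""
    found, stack, site = [], [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop Caddyfile comments
        if not line:
            continue
        if line.endswith("{"):
            name = line[:-1].strip()
            if not stack:
                site = name
            stack.append(name)
        elif line == "}":
            if stack:
                stack.pop()
        else:
            parts = line.split()
            if stack and stack[-1].split()[0] == "tls" and parts[0] == "dns" and len(parts) >= 3:
                found.append((site, parts[1], parts[2]))
    return found


def credential_is_literal(arg):
    """True when the credential is hard-coded instead of an {env.VAR} placeholder."""
    return ENV_PLACEHOLDER.match(arg) is None


def audit(text):
    """Return (site, message) findings for every inline credential."""
    return [(site, f"{provider} credential is inline; use {{env.VAR}} instead")
            for site, provider, cred in parse_dns_directives(text)
            if credential_is_literal(cred)]


if __name__ == "__main__":
    for site, msg in audit(SAMPLE_CADDYFILE):
        print(f"{site}: {msg}")
```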
If you know of a better way of making SSL work for internal machines … do let me know.
This all kicked off from this tweet: https://twitter.com/kaihendry/status/1361974247141171203
Use DNS validation on AWS! https://dabase.com/blog/2020/Amazon-Certificate-Manager-Pro-Tip/