by tdhttt 1911 days ago
I am doing this and it's fun! The only hassles I had are a. setting up DDNS (since I don't have a static IP) and b. getting a certificate from Let's Encrypt with only port 443 open (80 is blocked by my ISP). But other than that, it has been great! Hopefully my ISP won't have a problem with that ;)

I just use a script on a cron that runs every 15 minutes and updates my DNS provider. And for Let’s Encrypt, I use the DNS verification method so you don’t have to even expose HTTP(S) ports if you don’t need to.
I wrote a small Go app[0] which is invoked every 15 minutes and updates the DNS through the Cloudflare API. It's very specific for my use case and ISP but works well.

[0] https://gitlab.com/dominikstraessle/homelab-dns

Cool! There's also certbot[0] and lego[1], which can do ACME-DNS with a range of providers besides CF. You could also do tls-alpn, which allows you to do the challenge encrypted on another port. Sounds like DNS works fine for you, but it's primarily worth considering for those issuing certs for non-public names that shouldn't be broadcast via public DNS.

[0]: https://github.com/certbot/certbot

[1]: https://github.com/go-acme/lego