by Hackbraten 927 days ago
I'm struggling with TLS certificates. I've been self-hosting a BIND instance for my personal domain for 8 years, but I have no idea how to add Let's Encrypt support to that.

So all I do is maintain my zone files manually, so all our devices have their own host name on the domain. But I haven't been able to host any services, because I have no idea where to start learning how to integrate Let's Encrypt.


You mean make BIND capable of creating TXT records for Let's Encrypt?
If that’s what it takes to get a wildcard certificate, then yes.
hello,

1. what do you want to do with your certificate?

2. why do you want a wildcard certificate!?

imho, it's a lot easier - and also a bit safer - to use certificate(s) with actual names in it.

ps. you are able to specify multiple names for a certificate :)

idk, for example so it's valid for "domain.tld" and "www.domain.tld" etc.

cheersv

> what do you want to do with your certificate

I want to be able to reach various appliances in our home network (router, modem, etc.) via HTTPS without having to dismiss those scary warnings all the time.

> why do you want a wildcard certificate!?

Because most of those appliances are not connected to the public internet. They do allow uploading a certificate though.

hello,

hmmm ... idk. for LAN-based appliances, which will likely even have invalid names a la

* router.my.home

or

* nas.my.home

or whatever "dummy-tld" + local domain one uses ...

so if i want to use certificates in such an environment, i would create my own CA and import its public cert(s) into my browsers' - or OSes' - certificate store.

problem solved!!

and also learned some useful lessons regarding "run your own CA" :)

cheersv
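
The thread leaves open how BIND would publish the TXT record that Let's Encrypt checks before issuing a wildcard certificate. As an added example (not from any commenter), this computes the DNS-01 record value per RFC 8555 and emits an nsupdate script for an RFC 2136 dynamic update. The zone, server, token, thumbprint and key name are constructed placeholders, and it assumes the zone accepts dynamic updates signed with a TSIG key.

```python
# Added example: DNS-01 TXT value (RFC 8555, section 8.4) plus an nsupdate script.
# example.org, ns1.example.org, the token and the thumbprint are constructed placeholders.
# Assumed BIND side: a TSIG key limited to this one record, e.g. in the zone block
#   update-policy { grant acme-key name _acme-challenge.example.org. TXT; };
import base64
import hashlib


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as ACME requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """TXT value = base64url(SHA-256(token + '.' + account key thumbprint))."""
    key_authorization = f"{token}.{account_thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def challenge_name(identifier: str) -> str:
    """*.example.org and example.org are both validated at _acme-challenge.example.org."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return f"_acme-challenge.{base.rstrip('.')}."


def nsupdate_script(server, zone, identifier, token, thumbprint, action="add", ttl=60):
    """Return nsupdate input that adds (or, after validation, deletes) the record."""
    if action not in ("add", "delete"):
        raise ValueError("action must be 'add' or 'delete'")
    name = challenge_name(identifier)
    if not name.endswith(f".{zone.rstrip('.')}."):
        raise ValueError(f"{name} is outside zone {zone}")
    value = dns01_txt_value(token, thumbprint)
    # Delete only this exact value: a combined example.org + *.example.org order
    # places two TXT records at the same name.
    rr = (f'update add {name} {ttl} TXT "{value}"' if action == "add"
          else f'update delete {name} TXT "{value}"')
    return "\n".join([f"server {server}", f"zone {zone}", rr, "send", ""])


if __name__ == "__main__":
    # Constructed token and thumbprint; a real ACME client supplies both.
    print(nsupdate_script("ns1.example.org", "example.org", "*.example.org",
                          "constructed-token", "constructed-thumbprint"))
```

The output is meant as input to `nsupdate -k <keyfile>`. Scoping the TSIG key to the single `_acme-challenge` TXT name means a leaked key cannot rewrite the rest of the zone.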