
With the DNS option the machine doing the request doesn't have to be the machine using the certificate though.

I have a separate machine doing the DNS challenge and the cert is then distributed to the machine needing it.

Technically true for the regular web challenge, but easier with DNS I think.



I'm doing the same for my personal/home lab stuff. I've been using https://github.com/joohoi/acme-dns for the DNS server running on a small VPS for all my internal certificates and I haven't had any issues with it.


This is what I do as well. I have set up acme.sh[1] on a Raspberry Pi on my home network, which isn't accessible from the outside. It is triggered every night by a systemd timer and renews (using the DNS challenge) and deploys all expiring certificates.

[1] https://github.com/acmesh-official/acme.sh



