NTS off the ground - time for testing
Richard Laager
rlaager at wiktel.com
Wed Feb 20 14:46:59 UTC 2019
On 2/20/19 7:26 AM, Hal Murray via devel wrote:
> For non public IP Addresses (aka behind a NAT box) you can use self signed
> certificates.
In that scenario, you can still use Let's Encrypt. Use the DNS challenge
method. The Let's Encrypt client (on the NTS-KE server) uses nsupdate
(or similar) to update the entry on the DNS server. This only requires
1) that you setup a dynamically-updatable zone, and 2) that the Let's
Encrypt client (on the NTS-KE server) has outbound (not necessarily
inbound) network access, including via NAT.
--
Richard
More information about the devel
mailing list