Comment by samgranieri
15 hours ago
Just use a dns server like technitium, bind, or powerdns and set up rfc2136 for the dns01 challenge.
If you’d like, turn on the dns recursion features too. Or string it together with a pi-hole/unbound/adguard home.
Change the DNS settings on your vlan.
Create something like .infogulch as your homelab.
Install step-ca to create an internal certificate authority. Their documentation is pretty straightforward to follow.
Yes, you have to install the public root ca cert in your device trust stores on any device that you want to resolve traffic to, and that’s obnoxious, but trust me, the payoff is worth it.
Install the rfc2136 plugin in the caddy web server, and ask caddy to use the dns01 challenge against your step-ca server and one of the dns servers I mentioned.
With caddy, step-ca, and one of those dns servers, caddy will just up and handle it all for you.
Done.
The payoff? You can mint whatever you want and it won’t have to be uploaded to a certificate transparency server!
Happy Homelabbing
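The Caddy side of the setup described above, as an added example that is not part of the original comment: a Caddyfile that points Caddy at an internal step-ca ACME endpoint and solves DNS-01 through RFC 2136 dynamic updates with the caddy-dns/rfc2136 module. The `infogulch` zone, the `ca.infogulch` host, the step-ca provisioner name `acme`, the TSIG key name, the server addresses and the root certificate path are all assumed placeholders.

```caddyfile
# Added example (not from the original comment). Assumes a Caddy build that
# includes github.com/caddy-dns/rfc2136 and a step-ca instance whose ACME
# provisioner is named "acme". All hostnames, IPs and paths are placeholders.
{
	# ACME directory served by step-ca; ca_root makes Caddy trust the private
	# root that signs step-ca's own HTTPS certificate (otherwise the ACME
	# handshake itself fails validation).
	acme_ca      https://ca.infogulch/acme/acme/directory
	acme_ca_root /etc/caddy/step-ca-root.crt

	# Default challenge solver for every site: DNS-01 via RFC 2136.
	# Caddy writes the _acme-challenge TXT record, step-ca validates it, and
	# Caddy removes the record afterwards.
	acme_dns rfc2136 {
		key_name "caddy-acme"              # TSIG key name defined on the DNS server
		key_alg  "hmac-sha256"
		key      "{env.RFC2136_TSIG_KEY}"  # base64 TSIG secret, supplied via environment
		server   "10.0.10.53:53"           # authoritative server for the infogulch zone
	}
}

# Internal services: Caddy requests one certificate per site name from step-ca.
grafana.infogulch {
	reverse_proxy 10.0.20.11:3000
}

pihole.infogulch {
	reverse_proxy 10.0.20.12:80
}
```

On the DNS server, restrict the TSIG key to updating TXT records under `_acme-challenge.*` names rather than the whole zone, so a leaked key cannot rewrite other records.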