You might want to look at another client and dns-01 verification instead of the ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		seized on Dec 18, 2022 \| parent \| context \| favorite \| on: Let's Encrypt now supports ACME-CAA: closing the D... You might want to look at another client and dns-01 verification instead of the annoying mess of http-01. I'm replacing acme.sh with Lego currently. https://go-acme.github.io/lego/ Once you have Cloudflare (or one of many other options) set up it works as easily as you describe. And no port 80 open or special snowflake reverse proxy rules.

vbezhenar on Dec 18, 2022 [–]

I'm aware of it and I'm using it. But I feel uneasy when some software can wreak havoc in my DNS, even if theoretically. For example Cloudflare does not have some kind of very limited "letsencrypt tokens".

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact