Nitrokey/nextbox

TLS certificate acquisition with the DNS dynamic setup

jerabaul29 opened this issue · 2 comments

The documentation for the DNS dynamic setup:

https://docs.nitrokey.com/nextbox/remote/dynamic-dns.html

is quite detailed about the guided dynamic DNS setup with desec.io (I guess because the user needs to take some steps themselves, which forced explaining the steps etc.), but the TLS / certificate acquisition system is quite obscure. Which certificate provider is being used (is it Let's Encrypt?)? Which acquisition mechanism is used (is it some form of Certbot or similar?)? How are the nitty-gritty technical details performed when the user clicks on the NextBox enable TLS button?

(I think it may be worth both explaining this here and, more importantly, adding some documentation on the dynamic-dns page :) ).

Yep, clearly worth documenting, see the todo here: Nitrokey/nitrokey-documentation#38

In short:

  • Let's Encrypt is the certificate issuer
  • certbot is used without a plugin, just webroot
  • Apache configuration is handled by nextbox-daemon
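
For readers unfamiliar with what "just webroot" implies, here is an added example (not code from this thread or from the NextBox project) that goes beyond the reply to show the general ACME HTTP-01 exchange from RFC 8555 that the webroot method serves: the client writes a key-authorization file into a directory the web server already serves, and the CA fetches it over plain HTTP. The account key, token, function names and the local test server standing in for Apache are all assumptions made for the illustration.

```python
import base64, hashlib, json, tempfile, threading, urllib.request
from functools import partial
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"  # fixed path from RFC 8555 section 8.3
# Constructed sample data: not a real account key or a real CA token.
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
TOKEN = "constructed-token-0123456789"

def key_authorization(token: str, jwk: dict) -> str:
    """token + '.' + base64url(SHA-256 JWK thumbprint, RFC 7638)."""
    members = {k: jwk[k] for k in ("crv", "kty", "x", "y")}  # required EC members
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode()).digest()
    return token + "." + base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def place_challenge(webroot: Path, token: str, jwk: dict) -> Path:
    """Client side (the webroot method): drop a file where the web server already serves."""
    target = webroot / CHALLENGE_DIR / token
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(key_authorization(token, jwk))
    return target

def ca_validates(base_url: str, token: str, jwk: dict) -> bool:
    """CA side: fetch the file over plain HTTP and compare it to the expected value."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(f"{base_url}/{CHALLENGE_DIR}/{token}", timeout=5) as resp:
            return resp.read().decode().strip() == key_authorization(token, jwk)
    except OSError:  # 404, connection refused, timeout: validation fails
        return False

def demo() -> tuple:
    """Return (validated before the file exists, validated after it is placed)."""
    with tempfile.TemporaryDirectory() as tmp:
        handler = partial(SimpleHTTPRequestHandler, directory=tmp)
        server = ThreadingHTTPServer(("127.0.0.1", 0), handler)  # stand-in for Apache
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base_url = f"http://127.0.0.1:{server.server_port}"
        before = ca_validates(base_url, TOKEN, ACCOUNT_JWK)
        place_challenge(Path(tmp), TOKEN, ACCOUNT_JWK)
        after = ca_validates(base_url, TOKEN, ACCOUNT_JWK)
        server.shutdown()
        server.server_close()
        return before, after

if __name__ == "__main__":
    print(demo())
```

With this method the ACME client only needs write access to the served directory, and the CA's HTTP-01 request always arrives on port 80, so that port has to be reachable from the internet for issuance and renewal to succeed.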