
I am, but I'm trying not to do it manually -- I actually use cert-manager[0] on a tiny kubernetes cluster -- which means when I make an Ingress for an application (app.example.com) (which does what it sounds like), watcher processes kick off and go get a cert for me with http 01 validation currently. This works thanks to cert-manager being able to automate the process of setting up the proper /.well-known/xxx route with access to kubernetes features.

cert-manager also supports DNS 01, but of course they support the bigger providers (so they'll take some options and do the web requests to set up the TXT records)...

I haven't looked into it a crazy amount (since in the end I can still just make multiple http 01 validated certs), but was just curious.

[0]: https://github.com/jetstack/cert-manager/



FWIW Personally I just use the DNS RFC2136 plugin for certbot. I use bind for DNS.
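As an added illustration of the setup named in the comment above (not the commenter's own configuration): a BIND TSIG key whose dynamic-update rights are limited to the single ACME challenge TXT record, followed by the certbot credentials file that uses that key. The key name, zone, file paths, server address and secret are placeholders chosen for this example.

```conf
# ---- BIND side: named.conf fragment (path and zone file are assumed) ----
# Generate the key with: tsig-keygen -a hmac-sha512 certbot-key.
key "certbot-key." {
    algorithm hmac-sha512;
    secret "REPLACE_WITH_BASE64_SECRET";   # placeholder, never commit the real value
};

zone "example.com" {
    type master;
    file "/var/lib/bind/db.example.com";   # must be writable by named for dynamic updates
    # Least privilege: this key may only touch the TXT record used for
    # DNS-01 validation of app.example.com, nothing else in the zone.
    update-policy {
        grant certbot-key. name _acme-challenge.app.example.com. txt;
    };
};

# ---- certbot side: /etc/letsencrypt/rfc2136.ini (assumed path, chmod 600) ----
# Address of the authoritative server that accepts the update (constructed value)
dns_rfc2136_server = 192.0.2.1
dns_rfc2136_port = 53
# Must match the key name and algorithm in named.conf
dns_rfc2136_name = certbot-key.
dns_rfc2136_secret = REPLACE_WITH_BASE64_SECRET
dns_rfc2136_algorithm = HMAC-SHA512

# ---- issuance ----
# certbot certonly --dns-rfc2136 \
#   --dns-rfc2136-credentials /etc/letsencrypt/rfc2136.ini \
#   -d app.example.com
```

With the grant scoped this way, a leaked credentials file lets an attacker alter only the challenge TXT record rather than rewrite the zone.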


Could you expand on this? You run bind on your server, then you add your own server as an (additional?) nameserver to your domain's registrar?



