Programmer Humor

22232 readers

502 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev

886

Debugging (lemmy.dbzer0.com)

submitted 2 days ago by Sir_Kevin@lemmy.dbzer0.com to c/programmer_humor@programming.dev

42 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] lowleveldata@lemmy.world 50 points 2 days ago (2 children)

so the other day I sat down trying to setup a SSL cert for my self-hosted services

[–] Dhs92@programming.dev 22 points 1 day ago (3 children)

Have you heard of our Lord and Savior, Traefik + ACME issuers?

[–] hosaka@programming.dev 2 points 16 hours ago

Let's encrypt brother

[–] ByteJunk@lemmy.world 10 points 1 day ago

Let's Encrypt Expiry Bot just entered the chat.

[–] elvith@feddit.org 6 points 1 day ago (2 children)

Does Trafik also allow DNS based challenges with additional certbot plugins, or does it only work by serving a challenge in /.well-known/?

I’ve set up my internal homelab with LE certificates, but if I could get rid of certbot and do this automagically, it’d be nice…

[–] Dhs92@programming.dev 7 points 1 day ago

I have it setup to use DNS challenges through Cloudflare, but it supports different providers as well. I just add the labels to my docker container and voila, I have TLS

[–] rbos@lemmy.ca 4 points 1 day ago (1 children)

Not all dns providers support acme, I've discovered to my recent annoyance. The one I use at work, for instance.

[–] elvith@feddit.org 3 points 1 day ago (1 children)

I already use certbot with my DNS provider, so it should generally be supported. And indeed, O found the docs, where all supported providers are listed.

https://doc.traefik.io/traefik/https/acme/#providers

[–] rbos@lemmy.ca 2 points 1 day ago (1 children)

Yeah. For wildcard DNS from letsencrypt, you can't do HTTP validation, only DNS, which involves creating a TXT record.

Your DNS provider needs to run an ACME server, which runs an API that'll add the required TXT records on request.

As I understand it.

[–] elvith@feddit.org 1 points 22 hours ago

The DNS provider needs to provide an API, but not an ACME server.

Your server contacts Lets Encrypt and wants a certificate - say for homeserver.example.com. It tells Let's Encrypt to use DNS based authentication. Let's encrypt answers with a challenge code, that you now publish as a txt record with a defined name via your providers API for this (sub)domain. Let's encrypt then checks the TXT record and if it finds the challenge there, it sends you the certificate.

[–] redhat421@lemmy.world 4 points 1 day ago

Might want to check out swag from linuxserver.io

It's a docker/kubernetes container image with a working certbot client in it.