nginx
September 23, 2019
I have a well-documented obsession with pretty URLs, and this extends even to my
internal home network. I have way too much stuff bouncing around in my head to
have to remember IP addresses when a domain name is much easier to remember.
LetsEncrypt launched to offer free SSL certificates
to anyone, but the most crucial feature of their infrastructure, and one someone
should have figured out before then, was scriptable automatically renewing
certificates. Basically they validate you do in fact own the domain using
automated methods, then issue you the new certificate. Thus, your certificates
can be renewed on a schedule with no interaction from you.
Traditionally, they have done this by placing a file in the webroot and looking
for that file before issuing the certificate (see my earlier blog post about
Zero Downtime nginx Letsencrypt Certificate Renewals Without the nginx Plugin
for more detail about this.)
But what happens when you want to issue an internal certificate? One for a
service that is not accessible to the outside world, and thus, not visible using
the webroot method? Well, it turns out there is a solution for that too!
Read More