Ask HN: Do You Self Host?
4 points by chippyty on Dec 5, 2023 | 20 comments
If not, what is the biggest obstacle to self hosting, say... your email?


I'm struggling with TLS certificates. I've been self-hosting a BIND instance for my personal domain for 8 years, but I have no idea how to add Let's Encrypt support to that.

So all I do is maintain my zone files manually, so all our devices have their own host name on the domain. But I haven't been able to host any services, because I have no idea where to start learning how to integrate Let's Encrypt.


You mean make Bind capable of creating TXT records for letsencrypt?


If that’s what it takes to get a wildcard certificate, then yes.


hello,

1. what do you want to do with your certificate?

2. why do you want a wildcard certificate!?

imho. it's a lot easier - and also a bit safer - to use certificate(s) with actual names in it.

ps. you are able to specify multiple names for a certificate :)

idk for example so it's valid for "domain.tld" and "www.domain.tld" etc.

cheersv


> what do you want to do with your certificate

I want to be able to reach various appliances in our home network (router, modem, etc.) via HTTPS without having to dismiss those scary warnings all the time.

> why do you want a wildcard certificate!?

Because most of those appliances are not connected to the public internet. They do allow uploading a certificate though.


hello,

hmmm ... idk. for LAN-based appliances, which will likely even have invalid names a la

* router.my.home

or

* nas.my.home

or whatever "dummy-tld" + local domain one uses ...

so if i want to use certificates in such an environment, i would create my own CA and import its public cert(s) into my browser's - or OS's - certificate store.

problem solved!!

and also learned some useful lessons regarding "run your own CA" :)

cheersv
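
One way to follow the run-your-own-CA suggestion above, as an added example that is not part of any commenter's post: an OpenSSL root restricted by name constraints to the LAN domain, so a leaked CA key cannot vouch for names outside it, plus a per-appliance certificate. The `my.home` domain comes from the comment; the directory layout, function names and validity periods are assumptions.

```shell
#!/bin/sh
# Added example: private CA limited to one LAN domain (all names are constructed).
set -eu

# make_ca DIR DOMAIN: self-signed root that may only sign names under DOMAIN.
make_ca() {
  local dir=$1 domain=$2
  mkdir -p "$dir"
  ( umask 077; openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ca.key" )
  cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Home LAN Root CA (example)
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
nameConstraints = critical, permitted;DNS:$domain
EOF
  openssl req -x509 -new -key "$dir/ca.key" -sha256 -days 3650 \
    -config "$dir/ca.cnf" -out "$dir/ca.crt"
}

# issue_leaf DIR FQDN: server certificate for one appliance, name in the SAN.
issue_leaf() {
  local dir=$1 fqdn=$2
  ( umask 077; openssl ecparam -name prime256v1 -genkey -noout -out "$dir/$fqdn.key" )
  openssl req -new -key "$dir/$fqdn.key" -subj "/CN=$fqdn" \
    -config "$dir/ca.cnf" -out "$dir/$fqdn.csr"
  printf '%s\n' 'basicConstraints = critical, CA:FALSE' \
    'keyUsage = critical, digitalSignature' 'extendedKeyUsage = serverAuth' \
    "subjectAltName = DNS:$fqdn" > "$dir/$fqdn.ext"
  openssl x509 -req -in "$dir/$fqdn.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -sha256 -days 397 -extfile "$dir/$fqdn.ext" -out "$dir/$fqdn.crt"
}

# verify_host DIR FQDN [NAME]: true only if FQDN's certificate chains to the CA,
# satisfies its name constraints, and matches NAME (default: FQDN).
verify_host() {
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "${3:-$2}" \
    "$1/$2.crt" >/dev/null 2>&1
}
```

Only `ca.crt` goes into the browser or OS trust store; `ca.key` stays on the machine that signs.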


Was self-hosting email for maybe 20 years myself - but I'd say I only really understood enough to make it work. Been using https://mailinabox.email/ for the last 5 years or so and I'm pretty happy with that - works better than what I was doing myself using mostly the same underlying tools.


Yes, Mailinabox works surprisingly well, not to mention that it takes care even of requesting and deploying SSL Certificates.


I personally self host

- email

- a couple meta search engines (librex and searxng)

- a couple of invidious instances

- an xmpp server for chatting with friends

- an openvpn instance

- tor as dns resolver

- pihole as dns blocker (even locally on my laptop)

- jitsi for video meetings

- some webservers (i don't do AWS or similar stuff)

- translation service

- pastebin

- nitter

- gothub

- nextcloud for pictures, address book from my phone (GrapheneOS)


> - an xmpp server for chatting with friends

How did you convince them to use XMPP when, for so many, Discord is the "easier" option?


Have nerdy friends? We used Mumble+XMPP for years until my (highly technically inclined) friend group merged with another substantially less-so one.


> Have nerdy friends?

Many nerdy people use Discord, unfortunately.


used to self host email, but not getting blacklisted was pure pain - so I switched to fastmail.

I stopped mostly hosting things, using Syncthing to sync my files. Don't need a lot more.


I never got blacklisted using the same domain and server for more than 4 years now. What was your provider? Sometimes you get an IP address that is blacklisted already... I use Hetzner or Privex


I have a personal instance of Nextcloud running on a Raspberry Pi. As for self hosting other apps/tools, I'm just a bit too lazy to do that.


Yes. Expect "hosting" means I can access all kind of services via public SSH-port.


Email is one of the hardest things to self-host because of spam filtering.


Did you use a turnkey solution like Mailinabox or iRedMail?


The problem is around DNS/IP whitelisting.

I worked for a large bank and we eventually gave up on it for customer emails because trying to keep your domain/IP ranges in the correct lists so that you didn't end up in spam folders was so operationally expensive.


yes ... everything i need.

and i'm doing this since a pretty long time-frame ... so i know what i do ;)

using linux in general - the debian gnu/linux distribution on x86/amd64 in particular ...



