Let’s Encrypt and desec.io (dyndns) w/o external access
If you want to build your own and “local only” server environment you may request valid ssl certificates following this scenario yet. It is not neccessary to forward or open ports from WAN (external) to LAN (internal). DynDNS by deSEC supports the DNS challenge protocol to make it easy for you to obtain certificates for your domain name easily from anywhere. All you need is certbot, your credentials and desec’s certbot hook script.
- logon to your server vi ssh as a non-root user
- switch to root by issuing “sudo -s”
- create the file hook.sh by issuing: “vi hook.sh” and paste the content from git 1:1
- close and safe the file and make it executable by “chmod +x hook.sh”
chmod +x hook.sh
- create the second file called “.dedynauth” by issuing “vi .dedynauth” and replace the token and the domain name with yours.
# Place your dedyn.io access token here: DEDYN_TOKEN=ae03a3985a6a0aa963aa230a884a136a35aaa7 # Set your dedyn.io domain name here: DEDYN_NAME=nextclouddomain.dedyn.io
- perform “apt install certbot -y”
apt install certbot -y
- and finally request your certs by issuing
certbot --manual --text --preferred-challenges dns --manual-auth-hook ./hook.sh -d "nextclouddomain.dedyn.io" certonly
You can now operate your Nextcloud with valid ssl certificates in your local environment… even a bit more secure!
Please keep in mind to donate for desec.io, a great service, available 24/7 for FREE!