Let’s Encrypt and desec.io (dyndns) w/o external access

If you want to build your own “local only” server environment, you can still request valid SSL certificates by following this scenario. It is not necessary to forward or open ports from WAN (external) to LAN (internal). DynDNS by deSEC supports the DNS challenge protocol, which makes it easy to obtain certificates for your domain name from anywhere. All you need is certbot, your credentials and deSEC’s certbot hook script.

  1. log on to your server via ssh as a non-root user
  2. switch to root by issuing “sudo -s”
    sudo -s
  3. create the file hook.sh by issuing “vi hook.sh” and paste the content of deSEC’s hook script from git 1:1
    vi hook.sh
  4. save and close the file and make it executable by “chmod +x hook.sh”
    chmod +x hook.sh
  5. create the second file called “.dedynauth” by issuing “vi .dedynauth” and replace the token and the domain name with yours.

    vi .dedynauth
    # Place your dedyn.io access token here:
    # Set your dedyn.io domain name here:
  6. install certbot by issuing “apt install certbot -y”
    apt install certbot -y
  7. and finally request your certs by issuing
    certbot --manual --text --preferred-challenges dns --manual-auth-hook ./hook.sh -d "nextclouddomain.dedyn.io" certonly
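
Before running step 7, it is worth checking the two files created above: `.dedynauth` holds the access token, and `hook.sh` is executed by certbot from the root shell. The audit below is an added example, not part of the original post or of deSEC's hook script; the function names `check_mode` and `audit_dedyn_setup` are hypothetical, and it assumes GNU `stat` as shipped with Debian/Ubuntu.

```shell
#!/bin/sh
# Added example: audit .dedynauth and hook.sh (steps 3-5) before certbot runs.
# Assumption: GNU coreutils stat (-c '%a' prints the octal mode).

# check_mode FILE FORBIDDEN_BITS REASON
# Returns 1 if FILE is missing or has any of the forbidden octal bits set.
check_mode() {
    file=$1 forbidden=$2 why=$3
    [ -f "$file" ] || { echo "MISSING  $file"; return 1; }
    mode=$(stat -c '%a' "$file")
    # A leading 0 makes the shell read both numbers as octal.
    if [ $(( 0$mode & 0$forbidden )) -ne 0 ]; then
        echo "WEAK     $file (mode $mode): $why"
        return 1
    fi
    echo "OK       $file (mode $mode)"
}

# audit_dedyn_setup [DIR]  (DIR defaults to the current directory)
audit_dedyn_setup() {
    dir=${1:-.} rc=0
    # The token lets the hook publish the DNS challenge record:
    # no access at all for group or others.
    check_mode "$dir/.dedynauth" 077 "token exposed to other users, use chmod 600" || rc=1
    # The hook runs with root privileges: nobody but the owner may modify it.
    check_mode "$dir/hook.sh" 022 "writable by non-owner, use chmod 700" || rc=1
    # certbot can only call the hook if it is executable (step 4).
    [ ! -f "$dir/hook.sh" ] || [ -x "$dir/hook.sh" ] || {
        echo "NOEXEC   $dir/hook.sh: run chmod +x"
        rc=1
    }
    return $rc
}

# Opt-in entry point: sh audit.sh --audit /root
if [ "${1:-}" = "--audit" ]; then
    audit_dedyn_setup "${2:-.}"
fi
```

A non-zero exit status means at least one finding; fix the reported modes and re-run before requesting the certificate.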

You can now operate your Nextcloud with valid SSL certificates in your local environment… even a bit more secure!

Please keep in mind to donate to desec.io, a great service, available 24/7 for FREE!

Thank you!

Carsten Rieger

Carsten Rieger is a full-time senior system engineer who also works as an IT freelancer. He has been working with Linux environments for more than 13 years and is an Open Source enthusiast, highly motivated on Linux installation and troubleshooting. He mostly works with Debian/Ubuntu Linux, Nginx and Apache web servers, MariaDB/MySQL/PostgreSQL, PHP, cloud infrastructure (e.g. Nextcloud) and other open source projects (e.g. Roundcube), and has done voluntary work for the Dr. Michael & Angela Jacobi Stiftung for more than 7 years.