Comment by 5d41402abc4b 2 days ago
If your server is not accessible from the internet, you need to use DNS-based authentication, for which you need to have a DNS API key lying around on your server, which is a significant risk.
Put the ACME challenges in their own DNS zones. Grant the key permission to only that zone. Risk mitigated.
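
The setup this comment describes, sketched as BIND 9 configuration with the weak form beside the scoped one. This is an added example, not part of the original comment; the choice of BIND, the zone and key names, the file paths and the secret placeholder are all assumptions.

```bind
// Parent zone file (example.com): delegate only the challenge label.
//   _acme-challenge.www.example.com.  IN NS  ns1.example.com.

// named.conf on ns1.example.com (all names below are constructed)

// TSIG key that is stored on the web server; the secret is a placeholder.
key "acme-www." {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_SECRET";
};

// Weak: the key can rewrite any record in the whole parent zone.
// zone "example.com" {
//     type master;
//     file "/var/lib/bind/example.com.zone";
//     allow-update { key "acme-www."; };
// };

// Scoped: the parent zone accepts no dynamic updates at all.
zone "example.com" {
    type master;
    file "/var/lib/bind/example.com.zone";
    allow-update { none; };
};

// The challenge label is its own zone, and the key reaches only this zone.
zone "_acme-challenge.www.example.com" {
    type master;
    file "/var/lib/bind/_acme-challenge.www.example.com.zone";
    update-policy {
        // Only TXT records at the zone apex, nothing else.
        grant acme-www. name _acme-challenge.www.example.com. TXT;
    };
};
```

With this layout a key taken from the server can add or remove TXT records at that one label and cannot touch A, MX or NS records for the domain. It can still answer a DNS-01 challenge for that name, so issuance for it remains worth monitoring.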