Digitalboard/docs
5
1
Fork 0
Code Pull requests 1 Activity Actions

chore: Adding meeting attendees and background info

Browse source
This commit is contained in:
Tom Jampen 2025-10-21 14:43:39 +00:00
parent c82716a991
commit ead70c9ef3
1 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
infrastructure/acme.md
View file

@ -10,6 +10,18 @@ We agreed to use **ACME DNS-01 challenges** for issuing certificates for **both
- Keep **low TTLs** (e.g., 60-120s) on both CNAME and TXT records to speed up renewals.
- Restrict write access to the challenge zone to the ACME automation only.
## Meetings
- 05.08.2025: Bert-Jan Fikse, Tobias Schaller, Tobias Wüst, Tom Jampen (inital version)
## Background
The following article explains how DNS-01 challenges can be effectively used to issue Let's Encrypt certificates for servers with internal IP addresses:
- https://lists.bfh.science/pipermail/bfh-linux-announce/2021-September/000134.html
The following manpage explains important implementation details for correctly handling DNS-01 challenges:
- https://sources.debian.org/src/open-infrastructure-service-tools/20250626-2/dehydrated/share/man/dehydrated-nsupdate.1.rst#L20
## Reference Design
**Dedicated zone:**
`_acme.digitalboard.ch`