[Cryptography] Fast handling of IP Address changes for HTTPS

John Levine johnl at iecc.com
Fri Dec 29 16:55:18 EST 2017


In article <20171229095504.GW20937 at h-174-65.A328.priv.bahnhof.se> you write:
>On 28 Dec 2017 22:14 -0500, from johnl at iecc.com (John Levine):
>> Or just run the web server on the VPS.  They're good at it.
>
>That's probably the best option for self-hosting, IMO. ...

>Otherwise, while I don't use it myself, supposedly Let's Encrypt
>supports validation via DNS. That might be worth looking into as well.

It does, that's how I use it for my mail servers in domains without
web servers.  But you need a DNS setup where you can script updates to
your DNS zones and drive that from the certificate generation, It
works fine for me but I control my own DNS using a DNS management
toaster I wrote myself (which of course runs on a server with a fixed
IP address to serve the DNS zones.)  Short of that, use a VPS.

R's,
John


More information about the cryptography mailing list