0 points
efortis
1y ago
I use acme.sh with DNS challenges on an external machine. Then I push up (rsync) the certs and reload Nginx.
Here’s a blog post
https://blog.uxtly.com/isolated-tls-certificate-creation
3 comments · 1 top-level
martinbaun
1y ago
· 2 in thread
Thanks, eFortis. I guess this is mainly for security and separation of concerns?
efortis
OP
1y ago
Yes, the certificate renewal and the server are more hardened this way.
martinbaun
1y ago
Cool! Do you do other things to harden the servers, like Knockerd?