Please explain ACME cert update method
-
Hi,
I wanted a Let's Encrypt cert for my pfSense router... something that I could eventually re-use (using HAProxy?) for my web server on a PC on the LAN.
I had trouble generating the cert but I found this guide on YT:
And it works great, but it seems like it doesn't use pfSense recommended validation method of DNS. I had to choose a new webgui port instead of 80, turn off the webgui redirect, open a fw rule for port 80 to the pfsense router, and I can only access the webgui now using my external domain name even if im on the LAN (where the LE cert works). Trying to access the webgui using hostname.domainname fails now.
So, it works, but it seems like if I could get it working using the DNS method instead of HTTP standalone server, then I could go back to using more default settings.
The problem is that I have no idea what the DNS method is trying to do! I have my own domain name that i've got from nsupdate.info (a free version of the old DynDNS service that started charging for the service).
Am I supposed to enter my nsupdate.info credentials in the cert "validation method"? Am I correct in assuming it's the DNS-nsupdate method I need to choose? I do not understand the mapping between "server", "key", "key algo" and the "update URL" that I use to update my IP address using the DynDNS service towards nsupdate.info.