Toot

Written by 2xsaiko on 2024-12-20 at 20:55

This seems super overcomplicated. What I would do is put all the subdomains on the public DNS, let HTTP(S) through the firewall for the respective hosts, deny everything from outside of your local network on the http server that isn’t under the DNS challenge path and then run the DNS challenge as you would for a public site.

Then you can get certs, everyone outside trying to access will get 403, and inside the network you can access as normal.

Of course you’ll have to trust your http server’s ACL for that, but I’m just going to assume servers like nginx (which I use) have a reliable implementation.
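
One way to express the setup described in the post above in nginx, as an added example that is not part of the original toot. It assumes the "challenge path" is the ACME HTTP-01 prefix `/.well-known/acme-challenge/`; the hostname, LAN range, webroot, certificate paths and upstream are placeholders.

```nginx
# Added example: every name, path and address range below is a placeholder.

# Port 80: only the ACME challenge prefix is served; everything else is 403.
server {
    listen 80;
    server_name app.example.org;

    # The CA's validation requests arrive from the internet, so this one
    # prefix has to stay reachable from any address.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /var/www/acme;
        default_type text/plain;
        try_files $uri =404;
    }

    location / {
        deny all;
    }
}

# Port 443: the actual service, reachable from the local network only.
server {
    listen 443 ssl;
    server_name app.example.org;

    ssl_certificate     /etc/ssl/placeholder/fullchain.pem;
    ssl_certificate_key /etc/ssl/placeholder/privkey.pem;

    # Rules are evaluated in order and the first match wins; clients
    # outside the listed range fall through to "deny all" and get 403.
    allow 192.168.0.0/16;
    deny  all;

    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}
```

`allow` and `deny` match the connection's source address and run in nginx's access phase, which comes after `return` and `rewrite`, so a `return 301` inside a restricted location would answer before the ACL is checked. If another proxy or a NAT sits in front of nginx, the address it sees may not be the real client's.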
