Network upgrades…

It’s been a while since I wrote about home networking stuff – but I’ve been doing some upgrades recently, to improve my home-working situation… So I have product thoughts, and there are a few things I wanted to remember if I ever have to re-do any of this. Continue reading

Clearing up a little confusion with Let’s Encrypt’s DNS challenges

I love Let’s Encrypt. I’ve been using SSL for all my personal projects for years. Until they came along I was using self-signed certificates and manually adding my own root certificate to all the machines I was using my sites from. And that lead to some fun… So I moved eagerly to Let’s Encrypt when the tooling supported Windows reasonably well, and set myself up with a certificate with multiple SANs authenticated via their “HTTP proofs” mechanism, and it all worked fine, despite it being a bit of a pain that I had to expose port 80 for sites I only wanted accessible via port 443.

But I realised recently that they now offer wildcard certs that would make my life simpler, and that there is now decent support for DNS-based proof-of-ownership. So recently I tried moving my server over to this model – and there was a bit of friction. Entirely PEBCAK though – so I’m writing this down for the next time I forget how DNS works 😉 Continue reading