Hi, I'm looking for best solution for securing my home server with SSL.
I have dynamic ip-addresses and a name server, that does not support DNS-01 challenge (STRATO).
It worked quite a time with TLS-01 challenge but let's encrypt doesn't support this any longer and I had to switch to HTTP-01 challenge. For this to work, I have to open port 80 and NAT it thru the UTM. Last renewals I opened this manually and closed it after renewal.
I tryed limiting the NAT-rule to let's encrypts ip. That didn't work.
I could change my name server to cloudflare to use DNS-01 challenge and update my ip via Dyn-O-Matic, but that doesn't look for me as best practice.
Any better ideas?
This thread was automatically locked due to age.