Following a recent post on how I use Tailscale and NextDNS to manage my home network
Tailscale Part 3 - How I run my Home Network
I’ve written quite a bit about Tailscale and its features. In this post, I’ll be covering how I’ve utilised the technology in
Hard to believe you used to have to pay for a TLS certificate. I use Let’s Encrypt with cert-manager on my Kubernetes cluster and it still amazes me how SSL just happens. Even just using certbot makes the job extremely simple.
For cert-manager to work, do you need to have the ingress controller port (or I guess another port) exposed publicly? Or does it support DNS verification? I thought about doing this, but I essentially have my cluster fully in a private network, which I connect to with WireGuard from outside, but maybe I should reconsider?
I am keen to know a little bit more about your setup
I am using Cloudflare DNS, for which cert-manager requires an API key to edit the DNS entries. Documentation on this can be found here. It seems to support a number of DNS APIs; you can view those here.
Aha, yes that makes perfect sense. I remembered now that I checked some time ago and my DNS is not supported. But maybe I will move to acme-dns, it seems very hacky, I love it!
There are even still some (shitty) webhosts that require payment for a TLS certificate, because they refuse to support Let’s Encrypt.
And what is worse-
It wasn’t cheap either! Some of the SSL cert providers were charging hundreds/thousands for a certificate!
The less evil ones were still charging 30$ or so.