Following a recent post on how I use Tailscale and NextDNS to manage my home network
Tailscale Part 3 - How I run my Home Network
I’ve written quite a bit about Tailscale and its features. In this post, I’ll be covering how I’ve utilised the technology in
Hard to believe you used to have to pay for a TLS certificate. I use Let’s Encrypt with cert-manager on my Kubernetes cluster and it still amazes me how SSL just happens. Even just using certbot makes the job extremely simple.
For cert-manager to work, do you need to have the ingress controller port (or I guess another port) exposed publicly? Or does it support DNS verification? I thought about doing this, but I essentially have my cluster fully in a private network, which I connect to with WireGuard from outside, but maybe I should reconsider?
I am keen to know a little bit more about your setup
I am using Cloudflare DNS, for which cert-manager requires an API key to edit the DNS entries. Documentation on this can be found here. It seems to support a number of DNS APIs; you can view those here.
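The DNS-01 setup described in the comment above, as an added example that is not part of the original thread: a cert-manager `ClusterIssuer` that proves domain ownership through Cloudflare DNS records, so no ingress port has to be reachable from the Internet. The resource names, `example.com`, the e-mail address and the token value are placeholders assumed for illustration.

```yaml
# Added example, not from the thread. All names and values are placeholders.
# Cloudflare API token used by cert-manager to create the _acme-challenge TXT
# records. Create a scoped token (Zone:Read and DNS:Edit) rather than using
# the account-wide Global API Key.
apiVersion: v1
kind: Secret
metadata:
  name: cloudflare-api-token        # assumed name
  namespace: cert-manager           # ClusterIssuer secrets live in cert-manager's namespace by default
type: Opaque
stringData:
  api-token: "<CLOUDFLARE_API_TOKEN>"   # placeholder, never commit the real value
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01           # assumed name
spec:
  acme:
    # Let's Encrypt production endpoint; use the staging endpoint
    # (https://acme-staging-v02.api.letsencrypt.org/directory) while testing
    # to stay clear of rate limits.
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com        # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-dns01-account-key   # ACME account key, created by cert-manager
    solvers:
      - dns01:
          cloudflare:
            apiTokenSecretRef:
              name: cloudflare-api-token
              key: api-token
        # Restrict this solver to the zone the token is allowed to edit.
        selector:
          dnsZones:
            - example.com           # placeholder zone
```

With DNS-01 the cluster only needs outbound access to the ACME server and the Cloudflare API, so it can stay on a private network; the token becomes the sensitive asset, because anyone holding it can edit the zone's DNS records.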
There’s no question in my mind, letsencrypt is a major boon to the entire Internet.
And what is worse-
It wasn’t cheap either! Some of the SSL cert providers were charging hundreds/thousands for a certificate!
The less evil ones were still charging 30$ or so.
There even are still some (shitty) webhosts that require payment for a TLS certificate, because they refuse to support letsencrypt.
Every website I’ve ever set up has used letsencrypt, not sure where small business pages would be without it.