I would like to configure
https
for some jailed services on a home server and am curious about my options. Here's what I have considered so far:- Self-signed certificates
- Run a
cron
job in each jail that uses a letsencrypt ACME DNS-01 script and a DNS update script to keep the certs updated. This would require me to hardcode the DNS credentials in all of the scripts. - Run #2 for all of the jails on the host or in a dedicated cert-management jail and copy the output certificates to the other jails using
ssh
. This would protect the DNS credentials a little better.