Harald<p><span class="h-card" translate="no"><a href="https://fedi.arkadi.one/@tootbrute" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tootbrute</span></a></span> <span class="h-card" translate="no"><a href="https://c.im/@sbb" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>sbb</span></a></span> </p><p>In case you are interested how I solved having a publicly signed SSL certificate for a home server not connected to the Internet, here is what I did:</p><p><a href="https://codeberg.org/harald/Codeschnipselnotizen/src/branch/main/notes/Public_Cert_In_Home_Network.md" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">codeberg.org/harald/Codeschnip</span><span class="invisible">selnotizen/src/branch/main/notes/Public_Cert_In_Home_Network.md</span></a></p><p>The downside: there seems to be no way without having a registered domain. It took me unnecessary time to accept this. The upside: taking the step to get yourself a domain is simpler and cheaper than I was aware of and with the right tool, the rest was easy enough.</p><p><a href="https://nrw.social/tags/dns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dns</span></a> <a href="https://nrw.social/tags/homeserver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homeserver</span></a> <a href="https://nrw.social/tags/acmesh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acmesh</span></a> <a href="https://nrw.social/tags/letsencrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>letsencrypt</span></a></p>
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
266active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.2
#acmesh
0 posts · 0 participants · 0 posts today
DrScriptt<p>I started a discussion with fellow <a href="https://oldbytes.space/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sysadmin</span></a> about updating <a href="https://oldbytes.space/tags/BIND" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BIND</span></a> / <a href="https://oldbytes.space/tags/named" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>named</span></a> config to migrate from the overly permissive allow-update {…} stanzas to the more restricted update-policy {…} stanzas using targeted grant statements.</p><p>The idea being to allow the <a href="https://oldbytes.space/tags/acme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acme</span></a> client to only be able to update (add / delete) _acme-challenge TXT instead of any record in the zone.</p><p>Old:</p><p>allow-update {<br> TSIG_KEY_NAME;<br>};</p><p>New:</p><p>update-policy {<br> grant TSIG_KEY_NAME name _acme-challenge.example.net TXT;<br>};</p><p><a href="https://oldbytes.space/tags/acmesh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acmesh</span></a> <a href="https://oldbytes.space/tags/certbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>certbot</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload