universally recognized TLS certs via Let’s Encrypt. DNS challenges are the way to go - you don’t even have to expose your HTTP server
Just a note, as we’ve had this discussion before: DNS ACME challenges will publish the FQDN of every service you encrypt to a public record, which some sites will scrape up. Just in case this bothers some people.
Just a note, as we’ve had this discussion before: DNS ACME challenges will publish the FQDN of every service you encrypt to a public record, which some sites will scrape up. Just in case this bothers some people.