I close my server to access by the outside world, allowing access from Cloudflare IPs. This works well; however, it causes a couple of issues related to Let’s Encrypt certificates.
BuyPass is an alternative CA; they publish their origin IP addresses, allowing my tradition of trusting as few remote hosts as possible, and are supported by acme.sh and certbot.
Is there a way to use BuyPass (or an alternative CA with published host IP addresses) with Hestia?
Another example of poor design choices made by this industry: in this case, why doesn’t BuyPass follow the leader and use the same standards established by LE, and why doesn’t LE publish their server addresses and/or ASN? URGH.
Let’s Encrypt doesn’t have an ASN to publish. They explain the IPs on their main website. Be sure to follow the link in that FAQ entry for more detail.
@linkp we have a couple clients who insist on using Wix.
Do you think adding a Forwarding URL setting (to mail.example.com) would solve the use case where we want certs for IMAP/POP3/SMTP?
When connecting to IMAP on port 993, Dovecot needs a certificate; in this example, we’ll assume a Let’s Encrypt certificate.
Using your magic we can get that cert for the website and share it with Dovecot; however, we have clients that use another provider for their website, and I was curious if your magic works in this case. It may; however, it seems you haven’t tested it.