Hello all, I’m looking for a second set of eyes before I potentially screw up all my self hosted services. I’ll be the first to admit I’m not an IT expert and am getting a wee bit lost in all of the reading I’ve been doing so please go easy on me.
I’m currently working to get my domain (already registered) to be used for internal addresses as well as get a working SSL certificate. I am following wolfgangs instructions with the exception that I already have my domain registered with BlueHost. BlueHost does not appear to be directly supported by nginx and wants to charge me $90/year for an SSL certificate which is far more than I’m willing to pay for my little self-hosting hobby.
Fundamentally I believe I need to point my domain to new nameservers which provide support for ‘Let’s Encrypt’. If there were a vendor that offered that as a service I think I could leave the domain with bluehost and simply point the nameservers elsewhere. I “think” cloudflare offers this but its the only one and I’ve heard mixed things about using it from the standpoint of privacy. Does anyone have suggestions?
The other option I see, which seems more broadly supported, is to transfer my domain from bluehost to another vendor. Does anyone have suggestions? I’ve struggled to see the renewal costs when looking at these transfers.
Before fully borking my setup, would appreciate some input on if I’m on the right track or not. Thank you!
A few things
move your name server to a public DNS service that has an API like Linode Domains or Route53
set your public A/AAAA to parked
setup an internal DNS server and configure devices to use it via DHCP
Setup Caddy with the DNS plugin for ACME. This will allow you to get certs locally without exposing anything.
There is little reason for companies to pay for certs let alone individuals. Use Let’s encrypt as it is easy and free.