DNSSEC and DNS-01 challenges might do the trick at the cost of significant effort, provided LE could be directed to check, similar to the way MTA-STS works.
“does the lead developer prefer cheddar or brie” Quite right but given I live in Somerset (UK) I can have both: Cheddar is in Somerset and where the eponymous cheese originated and quite a lot of brie is produced here too - it's not the French original effort but rather good.
I have quite a lot of customers that we have migrated from VMware to Proxmox. Some of them are rocking zfs instead of vmfs. Mostly these are Dell servers. Proxmox with zfs seems to be more aggressive about disc failure warnings, which I think is helpful.
I remember being a passenger in an Audi 80 Avant with windsurf boards n that on the roof, traveling from the Ruhr in northern Germany to southern Spain, in around 1985. We went via la rue du soleil or a sodding great motorway through France - north to south.
Taken to a hallucinated but logical conclusion, we might define a word such as "cene" to riff off of "meme" and "gene".
The c is for code. If adopted we could spend forever arguing how the c is pronounced and whether the original had a cedilla, circumflex or rhymes with bollocks, which seems somehow appropriate. Everyone uses xene instead. x is chi but most people don't notice.
acme.sh is my recommendation for Linux and anything else that runs a BASH or similar (pfSense has a glorious integration for it) and Simple ACME for Windows. Both support dynamic DNS with CNAME. Certbot doesn't support CNAME for DNS-01 or at least didn't. I was always a fan of Certbot when all I had was http style challenges available.
Set up a DNS server with a zone called (say) challenges.example.co.uk. You will need to own example.co.uk and add NS glue records for the sub zone. You'll need to sort out dynamic DNS too for that zone.
Now you configure your acme.sh or Simple ACME to put its challenge into challenges.example.co.uk - it will create a TXT record and things should work out.
It is a lot easier, if you can, to run your own public DNS or subscribe to a DNS service that does everything for you.
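An added example, not part of the comment above and not code from acme.sh or Simple ACME: a toy model of the DNS-01 check when `_acme-challenge` names are CNAMEd into the challenge sub-zone, so the ACME client only needs dynamic-update rights on that sub-zone. The record layout, token and thumbprint are constructed sample values; the TXT digest follows RFC 8555.

```python
import base64
import hashlib

CHALLENGE_ZONE = "challenges.example.co.uk"    # sub-zone named in the post
TOKEN = "constructed-token-123"                # constructed sample value
THUMBPRINT = "constructed-account-thumbprint"  # constructed sample value

def txt_value(token, thumbprint):
    """RFC 8555 8.4: base64url(SHA-256(token + "." + thumbprint)), unpadded."""
    digest = hashlib.sha256(f"{token}.{thumbprint}".encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def resolve_txt(zone, name, max_hops=8):
    """Follow CNAMEs like a validating resolver; return (final_name, TXT list)."""
    seen = set()
    for _ in range(max_hops):
        name = name.lower().rstrip(".")
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        rrset = zone.get(name, {})
        if "CNAME" not in rrset:
            return name, rrset.get("TXT", [])
        name = rrset["CNAME"]
    raise ValueError("CNAME chain too long")

def validate(zone, domain, token, thumbprint):
    """Return (ok, reason) for one DNS-01 check against the toy zone data."""
    if domain.startswith("*."):
        domain = domain[2:]  # wildcards are validated at the base name
    final, txts = resolve_txt(zone, f"_acme-challenge.{domain}")
    if not final.endswith("." + CHALLENGE_ZONE):
        return False, "not delegated to challenge zone"
    if txt_value(token, thumbprint) not in txts:
        return False, "digest mismatch"
    return True, "ok"

# Constructed records: www is delegated, mail still has a TXT in the parent zone.
ZONE = {
    "_acme-challenge.www.example.co.uk": {"CNAME": "www." + CHALLENGE_ZONE},
    "www." + CHALLENGE_ZONE: {"TXT": [txt_value(TOKEN, THUMBPRINT)]},
    "_acme-challenge.mail.example.co.uk": {"TXT": ["stale-value"]},
}

if __name__ == "__main__":
    for d in ("www.example.co.uk", "*.www.example.co.uk", "mail.example.co.uk"):
        print(d, validate(ZONE, d, TOKEN, THUMBPRINT))
```

The "not delegated" result is the one worth auditing for: it marks a name whose challenge record still lives in the parent zone, which means something holds write access to that zone.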
MD here, of a really small company (and I'm not a doctor).
I'm (mildly) excited by LLMs because I love a new shiny tool that does appear to have quite some utility.
My analogy these days is a screwdriver. Let's ignore screw development for now.
The first screwdrivers, which we still use, are slotted and have a habit of slipping sideways and jumping (camming out). That's err before LLMs ... something ... something.
Fast forward and we have Phillips and Pozi and electric drivers. Yes there were ratchet jobs, and I still have one but the cordless electric drilldriver is nearly as magical as the Dr Who sonic effort! That's your modern LLM that is.
Now a modern drilldriver can wrench your wrist if you are not careful and brace properly. A modern LLM will hallucinate like a nineties raver on ecstasy but if you listen carefully and phrase your prompts carefully and ignore the chomping teeth and keep them hydrated, you may get something remarkable out of the creature 8)
Now I only use Chat at the totally free level but I do run several on-prem models using ollama and llama.cpp (all compiled from source ... obviously).
I love a chat with the snappily named "Qwen3.5-35B-A3B-UD-Q4_K_XL" but I'm well aware that it is like an old school Black and Decker off of the noughties and not like my modern DeWalt wrist knackerers. I've still managed to get it to assist me in getting PowerDNS running with DNSSEC and LUA and configuring LACP and port channel/trunking and that on several switch brands.
> I'm (mildly) excited by LLMs because I love a new shiny tool that does appear to have quite some utility.
I really think a lot of folks were conned by a smooth operator and a polished demo, so now everyone has to suffer through having this nebulous thing rammed down our throats regardless of its real utility because people with higher pay grades believe it has utility.
It feels like a lot of “AI is inevitable; you are failing to make this abundant future inevitable by your skepticism.”
> Your team's screwdriver usage is only 30% of the company's target. 80% of other teams at Taylor Manufacturing Co. are leveraging Screw Driving tools more often as a regular part of their daily work. If your team doesn't improve, we'll need to come up with a retraining plan.
> But we're the accounting team?
> Doesn't matter. This is a SD-Native company now. We believe everyone can be more productive with an SD-based workflow.
Classic Kafka trap! The mere sign of resistance is a sign of a deeper psychological incompatibility that fundamentally needs to be worked through until you agree with the state.
> A modern LLM will hallucinate like a nineties raver on ecstasy but if you listen carefully and phrase your prompts carefully and ignore the chomping teeth and keep them hydrated, you may get something remarkable out of the creature 8)