On 2/20/19 7:26 AM, Hal Murray via devel wrote: > For non public IP Addresses (aka behind a NAT box) you can use self signed > certificates.
In that scenario, you can still use Let's Encrypt. Use the DNS challenge method. The Let's Encrypt client (on the NTS-KE server) uses nsupdate (or similar) to update the entry on the DNS server. This only requires 1) that you setup a dynamically-updatable zone, and 2) that the Let's Encrypt client (on the NTS-KE server) has outbound (not necessarily inbound) network access, including via NAT. -- Richard _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
