I never got blacklisted using the same domain and server for more that 4 years now.
What was your provider? Sometimes you get an ip address that is blacklisted already...
I use Hetzner or Privex
I worked for a large bank and we eventually gave up on it for customer emails because trying to keep your domain/IP ranges in the correct lists so that you didn't end up in spam folders was so operationally expensive
Was self-hosting email for maybe 20 years myself - but I'd say I only really understood enough to make it work. Been using https://mailinabox.email/ for the last 5 years or so and I'm pretty happy with that - works better than what I was doing myself using mostly the same underlying tools.
I'm struggling with TLS certificates. I've been self-hosting a BIND instance for my personal domain for 8 years, but I have no idea how to add Let's Encrypt support to that.
So all I do is maintain my zone files manually, so all our devices have their own host name on the domain. But I haven't been able to host any services, because I have no idea where to start learning how to integrate Let's Encrypt.
I want to be able to reach various appliances in our home network (router, modem, etc.) via HTTPS without having to dismiss those scary warnings all the time.
> why do you want a wildcard certificate!?
Because most of those appliances are not connected to the public internet. They do allow uploading a certificate though.
hmmm ... idk. for LAN-based appliances, which will likely even have invalid names a la
* router.my.home
or
* nas.my.home
or whatever "dummy-tld" + local domain one uses ...
so if i want to use certificates in such an environment, i would create my own CA and import its public cert(s) into my browsers - or OSes - certificate-store.
problem solved!!
and also learned some useful lessons regarding "run your own CA" :)
20 comments
[ 3.7 ms ] story [ 55.8 ms ] threadI stopped mostly hosting things, using Syncthing to sync my files. Don't need a lot more.
I worked for a large bank and we eventually gave up on it for customer emails because trying to keep your domain/IP ranges in the correct lists so that you didn't end up in spam folders was so operationally expensive
- email
- a couple meta search engines (librex and searxng)
- a couple of invidious instances
- an xmpp server for chatting with friends
- an openvpn instances
- tor as dns resolver
- pihole as dns blocker (even locally on my laptop)
- jitsi for video meetings
- some webservers (i don't do AWS or similar stuff)
- translation service
- pastebin
- nitter
- gothub
-nextcloud for pictures, address book from my phone (GrapheneOs)
How did you convince them to use XMPP when, for so many, Discord is the "easier" option?
Many nerdy people use Discord, unfortunately.
So all I do is maintain my zone files manually, so all our devices have their own host name on the domain. But I haven't been able to host any services, because I have no idea where to start learning how to integrate Let's Encrypt.
1. what do you want to do with your certificate?
2. why do you want a wildcard certificate!?
imho. its a lot easier - and also a bit safer - to use certificate(s) with actual names in it.
ps. you are able to specify multiple names for a certificate :)
idk for example so its valid for "domain.tld" and "www.domain.tld" etc.
cheersv
I want to be able to reach various appliances in our home network (router, modem, etc.) via HTTPS without having to dismiss those scary warnings all the time.
> why do you want a wildcard certificate!?
Because most of those appliances are not connected to the public internet. They do allow uploading a certificate though.
hmmm ... idk. for LAN-based appliances, which will likely even have invalid names a la
* router.my.home
or
* nas.my.home
or whatever "dummy-tld" + local domain one uses ...
so if i want to use certificates in such an environment, i would create my own CA and import its public cert(s) into my browsers - or OSes - certificate-store.
problem solved!!
and also learned some useful lessons regarding "run your own CA" :)
cheersv
and i'm doing this since a pretty long time-frame ... so i know what i do ;)
using linux in general - the debian gnu/linux distribution on x86/amd64 in particular ...