yeah true but if the DNS records aren't actually pointing anywhere then there's no real threat no? because everything stays in the internal network
yeah true but if the DNS records aren't actually pointing anywhere then there's no real threat no? because everything stays in the internal network
exactly. that was the main thing i wanted to avoid. i also have nginx-proxy-manager in front of all my apps which also automates some things (like requesting new certs or renewing them when the time comes)
i have a similar setup at home. the way i did it was using certbot and dns verification. i pointed my domain's NSs to digitalocean's NS and then i downloaded the certbot-digitalocean-dns plugin, created an API key for DO and stored it somewhere and then certbot took care of everything else. nothing is exposed to the internet