tl;dr - I want to set up Let’s Encrypt on XPG-ng host and XO-CE.
Two things I want to solve:
#1 - To use a Let’s Encrypt Cert (DNS verified, not HTTPS verified) for accessing my Xen Orchestra Community Edition webpage.
https://xo-ce.sub.mydomain.net
#2 - Not to have to use “Unauthorized Certificates” here:
https://xcp-ng1.sub.mydomain.net [the host xcp-ng that XO-CE connects to]
I’ve registered a domain name, call it mydomain.net
I’ve DNS mapped homeassistant.sub.mydomain.net to my Home Assistant’s private IP.
I’ve set up HomeAssistant with an auto renewing certificate from Let’s Encrypt. It involved using their official Let’s Encrypt addon and generating an API key to allow the script to do automatic public DNS/domain verification. All worked perfectly.
I want to do this with both XCP-ng (the host) and XO-CE so I don’t have to use self-signed certificates. Bonus for the built in XO-Lite https://xolite.sub.mydomain.net
I’ve seen many results online but they all point to HTTP verification which means having port 80 and 443 publicly open, which I don’t want to do.
Thanks.