Adds DNS Validation for internal services but with TLD #18

Bart1909 · 2025-04-23T13:13:52Z

Bart1909
Apr 23, 2025

I'm currently using Nginx Proxy Manager for my services. Some of them are internal only, some of them are exposed to the internet.
For the internal services I've set the subdomain (e.g. internal-service-1.mydomain.com) in my local DNS to the IP of my Nginx Proxy Manager instance.
There I forward it to the service and use a Let`s Encrypt certificate with DNS validation. Because of the DNS validation I do not need to set actual subdomain in the public DNS.

While I am planning to migrate my exposed services to wiredoor, I see the only chance to migrate the private services with a self signed certificate.

Would be nice if wiredoor could also use DNS challenges for this scenario

dmesad · 2025-04-23T22:16:00Z

dmesad
Apr 23, 2025
Maintainer

Thanks for the detailed explanation, that’s a really interesting use case, and definitely something I’d like to support in Wiredoor in the future.

At the moment, Wiredoor relies on HTTP validation for Let's Encrypt certificates, so for private/internal services without public DNS records, self-signed certs are the only option. But I agree, supporting DNS-01 challenges would be ideal in scenarios like yours.

I’m still exploring how to approach this technically. If you have any suggestions, tools, or workflows you’re currently using for DNS validation, I’d really appreciate the input. It could help shape how we implement DNS-based certificate issuance in Wiredoor.

Happy to collaborate or even accept a contribution if someone wants to help drive this feature forward. 🙌

2 replies

Bart1909 Apr 24, 2025
Author

You are already using certbot for the Lets Encrypt certificates. You can also get certs with dns validation with this, only the command changes a little bit and you need a config file with credentials.
See this examples: https://certbot-dns-cloudflare.readthedocs.io/en/stable/#examples

At Nginx Proxy Manager you get a little textarea where you can insert the credentials which are then saved for this certifate (for renewal):

B08Z Jul 14, 2025

I would love to see this. It would also enable the ability for users to 'hide' their public IP address behind the cloudflare proxy.
This would be especially useful for those who are hosting on home lab (with no VPS) and dont like the idea of home network being exposed on port 80.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Wiredoor

Adds DNS Validation for internal services but with TLD #18

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 2 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Wiredoor

Adds DNS Validation for internal services but with TLD #18

Uh oh!

Bart1909 Apr 23, 2025

Replies: 1 comment · 2 replies

Uh oh!

dmesad Apr 23, 2025 Maintainer

Uh oh!

Bart1909 Apr 24, 2025 Author

Uh oh!

B08Z Jul 14, 2025

Bart1909
Apr 23, 2025

Replies: 1 comment 2 replies

dmesad
Apr 23, 2025
Maintainer

Bart1909 Apr 24, 2025
Author