Hi!

Maybe someone can help me with a problem I’m having, vaguely related to self-hosting.

I want to use a domain with Let’s Encrypt certificates locally. I realise the only way to do this is an (automated) DNS-01 challenge if I don’t want to expose anything to the outside.

Those DNS challenges require my name server to have some kind of API to automate the process. My registrar/name server doesn’t have an API unfortunately.

I want to use the opportunity to switch my registrar and name server in one go, but I’m pretty picky…

My wish list is:

  • MFA for general account administration
  • scoped tokens or account for API access (don’t need or want to manage everything by API)
  • can handle .at domains
  • not Cloudflare
  • registrar and name server should be one entity if possible
  • European if possible
  • supported by Nginx Proxy Manager if possible

Backup plan would be picking a registrar which supports DNSSEC for .at domains and using desec.io, I guess.

But maybe the hive mind has a good recommendation for me? :)

Thank you in advance for reading! I’m aware I’m just a bit extra, but I want to be able to just ignore the whole name server and domain topic for the next ten years again if I can.

Cheers!

  • Appoxo@lemmy.dbzer0.com
    ↑2 · 6 hours ago

    Using INWX for my .de and .com domain
    Cloudflare as my DNS server.

    Works great. And INWX is reasonable with their fees.

  • ikidd@lemmy.world
    ↑1 · 9 hours ago

    Create a Cloudflare account and change the name servers at your current registrar to what Cloudflare gives you when you try to migrate. It’s best practice to split up registrar and DNS anyway. Then create an API token so your reverse proxy can build records and certbot a new cert.

  • 𝘋𝘪𝘳𝘬@lemmy.ml
    ↑12 · 22 hours ago

    selfhost.eu offers dynamic DNS which works perfectly fine with my router, using their API access as documented by them. It also works perfectly well with Let’s Encrypt integrated in Nginx Proxy Manager.

    • can handle .at domains
    • is not Cloudflare
    • is registrar and name server
    • is European (Germany)
    • supports Nginx Proxy Manager

    They’ve been in the market since 2001; I’ve used them since ca. 2010 and never had any issues. Their website looks ancient, almost historic. But it’s functional.

  • frongt@lemmy.zip
    ↑9 · 21 hours ago

    Your registrar should let you specify who is hosting the DNS records. Pick any host compatible with your client. Personally I use Namecheap and haven’t had to touch it in years.

  • Esjott@feddit.org
    ↑3 · 18 hours ago

    Not sure if https://www.inwx.de/en ticks all your boxes, but it handles .at (Renewal: €15.47 / 1 Year), is located in the EU (Germany) and is maybe worth a look. I have all my domains there, works flawlessly.

    • Rizilia@lemmy.zip
      ↑2 · 7 hours ago

      How are you handling the WHOIS entries at INWX? Are you paying for the privacy extension? I am looking for another EU-based registrar that offers some sort of free WHOIS privacy or respects the GDPR and doesn’t publish my data online.

  • talkingpumpkin@lemmy.world
    ↑2 · 21 hours ago

    I moved to infomaniak because registering domains comes with a free mailbox (or at least it used to - IDK if it’s still like this).

    It works fine with lego (as should any other supported one).

  • antsu@discuss.tchncs.de
    ↑2 · 22 hours ago

    I don’t have a registrar to recommend, but for the nameservers (which would already solve your problem) I had a good experience in the past with Hurricane Electric (dns.he.net). AFAIK the only requirement from your list it doesn’t satisfy is being European (not 100% sure about MFA and scoped tokens).