A little solution for properly encrypted HTTP traffic in semi-public networks.
Let's Encrypt, as everyone knows, offers
publicly-recognized SSL certificates. Pretty much the only downside is, that
these are only issued with validity period of 90 days. Default ACME challenge
http-01) requires some HTTP server to be publicly accessible on
address pointed by domain, for which certificate is issued.
This makes it particularly hard, when you don't want these services to be public, and neither have you got any stable public facing address available.
My solution for that is using
dns-01 instead. To keep it relatively safe, as
devices in hackerspace-ish environment can get
compromised quite easily, DNS manipulation HTTP endpoint is available with
per-device tokens, which only allow for modification of that
_acme-challenge. TXT DNS record.