Hi, I have been setting up my home Nextcloud server and my latest step has been to try to secure it with SSL. I have found out that many people seem to be using Let’s Encrypt. I know that this tool would work for me. What concerns me a bit is their privacy policy which basically seems to state that all IP addresses and DNS records are liable to being made public and searchable. Whether they are actually doing this at the moment or not I don’t know.
But what I was thinking is that a potential hacker doesn’t need to bother finding me and trying to establish whether I’m running a web server if Let’s Encrypt is basically going to publicly advertise that I am running such a service on my IP address. At the moment my IP address is not on any public DNS as I’m using a dynamic DNS subdomain service. I realise that my Nextcloud server is not completely invisible to the world at the moment and that there are ways of finding out that it exists but it would still seem to me that the details being publicly advertised would raise the threat level.
Am I just being paranoid or do I have genuine concerns? At the moment I’m using a private root certificate but it’s not a very eloquent solution as it has to be installed on every device I access the server with.