• 🩷 eva 🩷@mastodon.bsd.cafe
    4 months ago

    @solrize @thehatfox get a free wildcard cert for your domain and use it just like any other. nothing new, nothing different. I have those running on LAN-only hosts behind a firewall and NAT with no port punching or UPnP or any ingress possible.

    if you don’t want to run a private CA with automated cert distribution (also simple with ansible or a few tens of LOC in shell or python), then LetsEncrypt is trivial and costs nothing – still requires one to load the cert and key onto a server though, which is 2/3 of the work vs private CA cert management.
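
The private CA route raised in this thread, sketched as an added example (not code from any commenter): a POSIX shell script that uses the openssl CLI to create a root, issue a leaf for a LAN-only name, and verify the chain and host name. The CA name, the host name nas.home.arpa and the function names are constructed; distributing ca.crt to clients is left out.

```sh
#!/bin/sh
# Added example: minimal private CA for LAN-only names; all names are constructed.
set -eu

# make_ca DIR: create a self-signed EC P-256 root that may only sign leaf certs.
make_ca() {
  mkdir -p "$1"
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Home Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  (umask 077; openssl ecparam -name prime256v1 -genkey -noout -out "$1/ca.key")
  openssl req -x509 -new -config "$1/ca.cnf" -key "$1/ca.key" -sha256 \
    -days 3650 -out "$1/ca.crt"
}

# issue_leaf DIR NAME: issue a 90-day server cert whose only SAN is NAME.
issue_leaf() {
  dir=$1; name=$2
  (umask 077; openssl ecparam -name prime256v1 -genkey -noout -out "$dir/$name.key")
  openssl req -new -config "$dir/ca.cnf" -key "$dir/$name.key" \
    -subj "/CN=$name" -out "$dir/$name.csr"
  printf '%s\n' "basicConstraints = critical,CA:FALSE" \
    "keyUsage = critical,digitalSignature" "extendedKeyUsage = serverAuth" \
    "subjectAltName = DNS:$name" > "$dir/$name.ext"
  openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 90 -sha256 -extfile "$dir/$name.ext" \
    -out "$dir/$name.crt"
}

# check_leaf DIR CERT HOST: succeed only if CERT chains to DIR's CA and matches HOST.
check_leaf() {
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Demo: build everything in a throwaway directory and verify the result.
demo_dir=$(mktemp -d)
make_ca "$demo_dir"
issue_leaf "$demo_dir" nas.home.arpa
check_leaf "$demo_dir" "$demo_dir/nas.home.arpa.crt" nas.home.arpa
```

Clients trust the leaf only after ca.crt is installed in their trust store, and ca.key should stay off the hosts that serve the leaf certificates.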

    • Findmysec@infosec.pub
      4 months ago

      Private CA is the only way for domains which cannot be resolved on the Internet.

    • JackbyDev@programming.dev
      4 months ago

      How do you propose to get LetsEncrypt to offer you a certificate for a domain name you do not and cannot control?