Ancestors

Written by Serge from Babka on 2025-01-20 at 15:46

EDIT: I'm going to use LetsEncrypt, DNS challenge, and then either configure Caddy to use DNS challenge, or switch to another proxy.

This will also work nicely with my VPN, so all's good there.

Thanks all. If you're going to suggest LetsEncrypt DNS challenge, I'm with you. Something else? Love to hear it!

SSL/TLS question for folks.

I run a number of services inside my home network. Since they're all local, I run them without SSL/TLS, so plain http. The problem is modern browsers complain loudly when you use a non-encrypted service.

I can't use LetsEncrypt because the services are local only, not exposed to the Internet.

I could make a self-signed certificate, but that will cause some applications to fail since self-signed certs are generally frowned upon, and I can't easily add my CA certificate to every device in my home.

Do you run a homelab with web services? If so, how do you handle this problem.

[#]AskFedi #Homelab

=> More informations about this toot | More toots from serge@babka.social

Written by Georg on 2025-01-20 at 17:01

@serge You already got a solution, however I do have a hint which might help.

Acme.sh and dnscontrol both allow issueing a certificate using a DNS challenge. You can then deploy the certs whereever you like. Thats basically my setup, if can assist if you want.

=> More informations about this toot | More toots from gcrkrause@hachyderm.io

Written by Serge from Babka on 2025-01-20 at 17:31

@gcrkrause

I'm a little confused. How is this different than the proposed solution the other folks who mentioned DNS challenges laid out?

=> More informations about this toot | More toots from serge@babka.social

Toot

Written by Georg on 2025-01-20 at 17:32

@serge Its not. I just suggested software I prefer to use and wanted to empathize that DNS challenges are the way to go.

Sorry for any confusion!

=> More informations about this toot | More toots from gcrkrause@hachyderm.io

Descendants

Written by Serge from Babka on 2025-01-20 at 17:33

@gcrkrause

No worries, I just didn't understand.

=> More informations about this toot | More toots from serge@babka.social

Written by Georg on 2025-01-20 at 17:36

@serge For me LetsEncrypt is only the service, most people use certbot to interact with it. While certbot is the best thing to do for beginners in basic setups, I don't really like using it (but last time I tried was several years ago, so this might changed). So I wanted to offer alternatives if you experience the same.

=> More informations about this toot | More toots from gcrkrause@hachyderm.io