Comment on How do I use HTTPS on a private LAN without self-signed certs?
xrun_detected@programming.dev 1 week ago
+1 for the Let's Encrypt wildcard with DNS verification, been using this for years. With dehydrated (github.com/dehydrated-io/dehydrated) you can automate renewing the certs, pretty convenient.
One thing I didn’t see mentioned yet - you can also easily create a wildcard for a subdomain of your domain, e.g. *.local.example.com.
Most DNS providers let you define something like _acme-challenge.local IN TXT … so you don’t even need to define an extra zone for local.example.com.
Probably makes no big difference, but I like it ^^
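The record layout described in the comment above, as an added example that is not part of the original thread: per RFC 8555 section 8.4, a DNS-01 challenge for *.local.example.com is validated at _acme-challenge.local.example.com, which inside the example.com zone is the relative owner name _acme-challenge.local. The token and account thumbprint are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib


def challenge_fqdn(identifier: str) -> str:
    """Name the CA queries for DNS-01 (RFC 8555 8.4); a leading '*.' is dropped."""
    name = identifier.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    if not name or "*" in name:
        raise ValueError(f"unsupported identifier: {identifier!r}")
    return "_acme-challenge." + name


def relative_owner(fqdn: str, zone: str) -> str:
    """Owner name as typed into the parent zone; refuses names outside that zone."""
    fqdn, zone = fqdn.lower().rstrip("."), zone.lower().rstrip(".")
    if fqdn == zone:
        return "@"
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{fqdn} is not inside zone {zone}")
    return fqdn[: -len(zone) - 1]


def txt_value(token: str, account_thumbprint: str) -> str:
    """base64url(SHA-256(token '.' thumbprint)) without '=' padding."""
    key_authorization = f"{token}.{account_thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def zone_line(identifier: str, zone: str, token: str, thumbprint: str, ttl: int = 60) -> str:
    """Record line for the parent zone file, so no separate zone is delegated."""
    owner = relative_owner(challenge_fqdn(identifier), zone)
    return f'{owner} {ttl} IN TXT "{txt_value(token, thumbprint)}"'


if __name__ == "__main__":
    # Constructed sample values, not real ACME tokens or account keys.
    TOKEN = "constructed-token-0001"
    THUMBPRINT = "constructed-thumbprint-0001"
    # The wildcard and the bare name validate at the same owner name.
    for ident in ("*.local.example.com", "local.example.com"):
        print(zone_line(ident, "example.com", TOKEN, THUMBPRINT))
```

In practice the ACME client computes the TXT value and hands it to its DNS hook or plugin; the sketch only shows where the record lives and what it contains.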
4am@lemm.ee 1 week ago
If you are really looking for hassle-free this is it. LetsEncrypt root certificates are already trusted by most devices so when your friends come over and wanna control the media library or whatever you don’t need to install your locally hosted CA’s self-signed certificates on their phone.
Also certbot and a cron or systemd timer is all you need; people have rolled all these fancy solutions but I say keep it simple.
sem@lemmy.blahaj.zone 1 week ago
Adding to this, the EFF Certbot website has really great noob-friendly instructions which really helped me get set up.