Setting up a root and an immediate CA is significantly more fun though ;)
It also teaches you more about PKI, which is a good skill to have.
Comment on Let’s Encrypt Begins Supporting IP Address Certificates
AliasVortex@lemmy.world 4 days ago
That’s kind of awesome! I have a bunch of home lab stuff, but have been putting off buying a domain (I was a broke college student when I started my lab and half the point was avoiding recurring costs- plus I already run the DNS, as far as the WAN is concerned, I have whatever domain I want). My loose plan was to stand up a certificate authority and push the root public key out with active directory, but being able to certify things against Let’s Encrypt might make things significantly easier.
oasis@piefed.social 4 days ago
WhyJiffie@sh.itjust.works 4 days ago
but for the love of god and your own benefit, put a name constraint directly on the root cert
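The name-constraint advice in the comment above, as an added example that is not part of the original thread: a root CA restricted to the .lan namespace mentioned elsewhere in this discussion, with a check that a certificate for any other name fails validation. The CN, file names and www.example.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: a root CA whose critical nameConstraints permit only *.lan.
# CN, file names and www.example.com are constructed for illustration.

make_root() {   # $1 = working directory
  cat > "$1/root.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Homelab Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
nameConstraints = critical, permitted;DNS:lan
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$1/root.cnf" \
    -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
}

issue_leaf() {  # $1 = working directory, $2 = DNS name for the SAN
  printf 'subjectAltName = DNS:%s\nbasicConstraints = CA:FALSE\n' "$2" > "$1/$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$1/root.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
    -CAcreateserial -days 90 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

verify_leaf() { # succeeds only if the chain validates against the root
  openssl verify -CAfile "$1/root.crt" "$1/$2.crt" 2>&1 | grep -q ': OK$'
}

# The CA key will sign both names; the constraint is enforced by the verifier.
demo() {
  demo_dir=$(mktemp -d)
  make_root "$demo_dir"
  for name in service.lan www.example.com; do
    issue_leaf "$demo_dir" "$name"
    if verify_leaf "$demo_dir" "$name"; then echo "$name: accepted"; else echo "$name: rejected"; fi
  done
  rm -rf "$demo_dir"
}
demo
```

Because the constraint is checked at validation time rather than at signing time, it only protects clients whose TLS stack enforces name constraints found on a trusted root, so test each client type you deploy the root to.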
fmstrat@lemmy.nowsci.com 4 days ago
I use a domain, but for homelab I eventually switched to my own internal CA.
Instead of having to do service.domain.tld it’s nice to do service.lan.
martin@lemmy.caliban.io 4 days ago
Any good instructions you would recommend for doing this?
fmstrat@lemmy.nowsci.com 3 days ago
I just use openssl's built-in management. I have scripts that set it up and generate a .lan domain, and instructions for adding it to clients. I could make a repo and writeup if you would like?
As the other commenter pointed out, .lan is not officially sanctioned for local use, but it is not used publicly and is a common choice. However, you could use whatever you want.
eneff@discuss.tchncs.de 3 days ago
use the official home.arpa as specified in RFC 8375
fmstrat@lemmy.nowsci.com 3 days ago
No thanks. I get some people agreed to this, but I’m going to continue to use .lan, like so many others. If they ever register .lan for public use, there will be a lot of people pissed off.
IMO, the only reason not to assign a top-level domain in the RFC is so that some company can make money on it. The authors were from Cisco and Nominum, a DNS company purchased by Akamai, but that doesn’t appear to be the reason why. .home and .homenet were proposed, but this is from the mailing list:
- we cannot be sure that using .home is consistent with the existing (ab)use
- ICANN is in receipt of about a dozen applications for “.home”, and some of those applicants no doubt have deeper pockets than the IETF does should they decide to litigate
…ietf.org/…/PWl6CANKKAeeMs1kgBP5YPtiCWg/
So, corporate fear.
qaz@lemmy.world 4 days ago
FYI you can get a numeric xyz domain for 1$ a year
Serinus@lemmy.world 4 days ago
At least for the first year.
clb92@feddit.dk 4 days ago
Pretty sure it remains $1. But it’s specifically only 6-9 digit numeric .xyz domains.
Zachariah@lemmy.world 3 days ago
nice