Comment

Comment on Let’s Encrypt Begins Supporting IP Address Certificates

That’s kind of awesome! I have a bunch of home lab stuff, but have been putting off buying a domain (I was a broke college student when I started my lab and half the point was avoiding recurring costs- plus I already run the DNS, as far as the WAN is concerned, I have whatever domain I want). My loose plan was to stand up a certificate authority and push the root public key out with active directory, but being able to certify things against Let’s Encrypt might make things significantly easier.

source

Sort:hotnew top

qaz@lemmy.world ⁨4⁩ ⁨days⁩ ago
FYI you can get a numeric xyz domain for 1$ a year

source
- Serinus@lemmy.world ⁨4⁩ ⁨days⁩ ago
  At least for the first year.
  
  source
  - clb92@feddit.dk ⁨4⁩ ⁨days⁩ ago
    Pretty sure it remains $1. But it’s specifically only 6-9 digit numeric .xyz domains.
    
    source
    Zachariah@lemmy.world ⁨3⁩ ⁨days⁩ ago
    nice
    
    source
oasis@piefed.social ⁨4⁩ ⁨days⁩ ago
Setting up a root and a immediate CA is significantly more fun though ;)
It's also teaches you more about PKI which is a good skill to have.

source
- WhyJiffie@sh.itjust.works ⁨4⁩ ⁨days⁩ ago
  but for the love of god and your own benefit, put a name constraint directly on the root cert
  
  source
fmstrat@lemmy.nowsci.com ⁨4⁩ ⁨days⁩ ago
I use a domain, but for homelab I eventually switched to my own internal CA.

Instead of having to do service.domain.tld it’s nice to do service.lan.

source
- martin@lemmy.caliban.io ⁨4⁩ ⁨days⁩ ago
  Any good instructions you would recommend for doing this?
  
  source
  - fmstrat@lemmy.nowsci.com ⁨3⁩ ⁨days⁩ ago
    I just use openssl"s built in management. I have scripts that set it up and generate a .lan domain, and instructions for adding it to clients. I could make a repo and writeup if you would like?
    
    As the other commenter pointed out, .lan is not officially sanctioned for local use, but it is not used publicly and is a common choice. However you could use whatever you want.
    
    source
  - eneff@discuss.tchncs.de ⁨3⁩ ⁨days⁩ ago
    use the official home.arpa as specified in RFC 8375
    
    source
    fmstrat@lemmy.nowsci.com ⁨3⁩ ⁨days⁩ ago
    No thanks. I get some people agreed to this, but I’m going to continue to use .lan, like so many others. If they ever register .lan for public use, there will be a lot of people pissed off.
    
    IMO, the only reason not to assign a top-level domain in the RFC is so that some company can make money on it. The authors were from Cisco and Nominum, a DNS company purchased by Akamai, but that doesnt appear to be the reason why. .home and .homenet were proposed, but this is from the mailing list:
    
    we cannot be sure that using .home is consistent with the existing (ab)use
    
    ICANN is in receipt of about a dozen applications for “.home”, and some of those applicants no doubt have deeper pockets than the IETF does should they decide to litigate
    
    …ietf.org/…/PWl6CANKKAeeMs1kgBP5YPtiCWg/
    
    So, corporate fear.
    
    source
    -> View More Comments