Comment on Certbot is great. Let's Encrypt is great.
thirdBreakfast@lemmy.world 10 months agoGood point. Although they are also hosting my DNS, so they can take the site over anytime they want anyway?
Comment on Certbot is great. Let's Encrypt is great.
thirdBreakfast@lemmy.world 10 months agoGood point. Although they are also hosting my DNS, so they can take the site over anytime they want anyway?
SirNuke@kbin.social 10 months ago
They could hijack your site at any time, but with a copy of your live private certs they (or more likely whatever third party that will invariably breach your domain provider) can decrypt your otherwise secure traffic.
I don't think there's significant real tangible risk since who cares about your private selfhosted services and I'd be more worried about the domain being hijacked, and really any sort of network breach is probably interested in finding delicious credit card numbers and passwords and crypto private keys to munch on. If someone got into my network, spying on my Jellyfin streaming isn't what I'm going to be worried about.
But it is why CSRs are used.
thirdBreakfast@lemmy.world 10 months ago
Thanks - I hadn’t considered the traffic decryption.