Comment on Internal domain and reverse proxy
robador51@lemmy.ml 3 days agoI do the same. I have a real domain and certbot does a dns challenge. It was a little fiddly and took a moment to figure out, i think that was because i couldn’t gat caddy to work, but traefik worked a charm. Self signing is more complex i think because you’ll need to accept the root in every client (browsers especially?), which is even more fiddly.
elvith@feddit.org 3 days ago
Yeah, that’s exactly why I didn’t use my own CA. There’s a plethora of devices that you now need to import the CA to and then you need to hope, that every application uses the system cert store and doesn’t roll its own (IIRC e.g. Firefox uses its own cert store and doesn’t use the system cert store. Same for every java based application,…)
It’s fiddly with Caddy, as you need a specific plugin to get it to work with anything else than the default challenge. That means using a custom build via caddy - and with docker, you’re SOL. BUT you can just use certbot and point caddy to the cert file in your file system.