Comment on How to reach different services via name instead of ip?
tartarin@reddthat.com 3 days ago
Certificates can have multiple usages and you didn’t specify the purpose in your case. A certificate is not necessarily tied to an IP or even a server. However, if you want to authenticate the server with a certificate, you will need the IP address to be resolved by a DNS. So, you should clarify what you actually want to accomplish. Do you expect your certificates to be self-signed or signed by a certification authority? A certification authority cannot validate a private IP address.
Auth@lemmy.world 3 days ago
Sorry, a cert for https because im sick of the annoying browser warning.
suicidaleggroll@lemmy.world 3 days ago
self-signed won’t get rid of any warnings, it will just replace “warning this site is insecure” with “warning this site uses a certificate that can’t be validated”, no real improvement. What you need is a cert signed by an actual certificate authority. Two routes for that:
Create your own CA. This is free, but a PITA since it means you have to add this CA to every single device you want to be able to access your services. Phones, laptops, desktops, etc.
Buy a real domain, and then use it to generate real certs. You have to pay for this option ($10-20/year, so not a lot), but it gets you proper certs that will work on any device. Then you need to set up a reverse proxy (nginx proxy manager was mentioned in another post, that will work), configure it to generate a wildcard cert for your domain using DNS-01 challenge, and then apply that cert to all of your subdomains. Here’s a pretty decent video that walks you through the process: m.youtube.com/watch?v=TBGOJA27m_0
CameronDev@programming.dev 3 days ago
.uk domains are very cheap, $5ish AUD, which is ~2.5usd.