> The only real answer to this is to use Wildcard Certificates. You can get a TLS certificate for *.internal.example.com
Does Let's Encrypt support Subject Alt Names on the wildcard certs?
My experience suggests that wildcard certs work, but require a SAN entry for each "real" host because browsers don't trust the CN field anymore. e.g., my *.apps.blah cert doesn't work unless I include all of the things I use it on - homeassistant.apps.blah, nodered.apps.blah, etc.
Do Let's Encrypt certificates have something special that negates this requirement? Or am I completely wrong about the SAN requirement?
replies(5):