←back to thread

Should you use Let's Encrypt for internal hostnames?

(shkspr.mobi)
238 points edent | 1 comments | 05 Jan 22 12:42 UTC | HN request time: 0.23s | source
Show context
mcgeez ◴[05 Jan 22 15:30 UTC] No.29810160[source]
I like the wildcard certificates option, however I have not been able to find an easy solution to distribute those certificates to every host I have internally. Is this usually done manually? is there some equivalent to acme.sh?

The kind of hosts I have are OPNSense router, traefik servers, unifi controller etc.

replies(5): >>29810259 #>>29810559 #>>29811193 #>>29811516 #>>29821377 #
1. willis936 ◴[05 Jan 22 15:58 UTC] No.29810559[source]
If you have root ssh on each machine you can make rsync cron jobs. Imo it's reasonably secure if you spend the time setting up ssh keys and disabling password auth after.