Should you use Let's Encrypt for internal hostnames?

(shkspr.mobi)

238 points edent | 1 comments | 05 Jan 22 12:42 UTC | HN request time: 0.309s | source

Show context

ChrisMarshallNY ◴[05 Jan 22 14:58 UTC] No.29809728[source]▶

This is an interesting topic, for me.

I write iOS apps, and iOS requires that all internet communications be done with HTTPS.

It is possible to use self-signed certs, but you need to do a bit of work on the software, to validate and approve them. I don't like doing that, as I consider it a potential security vector (you are constantly reading about development code that is compiled into release product, and subsequently leveraged by crooks).

I am working on a full-stack system. I can run the backend on my laptop, but the app won't connect to it, unless I do the self-signed workaround.

It's easier for me to just leave the backend on the hosted server. I hardly ever need to work on that part.

replies(3): >>29809863 #>>29810001 #>>29810540 #

chedabob ◴[05 Jan 22 15:20 UTC] No.29810001[source]▶

>>29809728 #

For the project I'm working on currently, I use Charles Proxy's "Map Remote" function to map our UAT server's HTTPS url to my local machines HTTP URL.

Also ngrok.com works really well if you need to give other people access to your dev environment.

replies(1): >>29810929 #

1. ChrisMarshallNY ◴[05 Jan 22 16:20 UTC] No.29810929[source]▶

>>29810001 #

> I use Charles Proxy's "Map Remote" function to map our UAT server's HTTPS url to my local machines HTTP URL.

This looks really interesting. Thanks! I'll see if I can get away with it.

↑