238 points edent | 3 comments
imadethis ◴[] No.29809315[source]
This seems like a perfect use case for wildcard certs, especially if you have internal sites on a different (sub)domain from your prod servers. Yes, multiple servers have the same private key, but when the alternative is self-signed or no encryption, that is an easy trade-off for me.
1. dijit ◴[] No.29812720[source]
Please stop advocating for wildcard certificates.

http://blog.dijit.sh/please-stop-advocating-wildcard-certifi...

http://blog.dijit.sh/follow-up-wildcard-tls-certificates

2. kayodelycaon ◴[] No.29812885[source]
Chrome is giving me certificate errors. NET::ERR_CERT_DATE_INVALID
3. imadethis ◴[] No.29813872[source]
…that’s why I said to have your LAN on a different domain or subdomain, so it can’t be a valid cert for your prod traffic.
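
The scoping question debated in this thread, as an added example that is not part of any comment: a strict matcher for wildcard SAN entries (the wildcard covers exactly one left-most label, as in RFC 6125) run over a constructed host inventory, listing which names a holder of each wildcard's private key could serve. The `example.com` names and the `san_matches` and `key_exposure` helpers are assumptions made for illustration.

```python
def san_matches(pattern: str, hostname: str) -> bool:
    """Strict wildcard match: '*' must be the whole left-most label
    and stands for exactly one label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or not h_labels[0]:
        return False                      # '*' never spans several labels
    first, rest = p_labels[0], p_labels[1:]
    if any("*" in label for label in rest) or rest != h_labels[1:]:
        return False                      # wildcard only in left-most position
    if first == "*":
        # Conservative simplification: refuse '*.com'-style patterns.
        # Real clients consult the public suffix list instead.
        return len(p_labels) >= 3
    # Partial wildcards such as 'w*.example.com' are rejected outright.
    return "*" not in first and first == h_labels[0]


def key_exposure(sans, inventory):
    """Hosts for which whoever holds this certificate's private key
    could present a certificate that validates."""
    return sorted(h for h in inventory if any(san_matches(s, h) for s in sans))


# Constructed inventory: two prod names, two LAN names, one deeper LAN name.
INVENTORY = [
    "www.example.com",
    "api.example.com",
    "wiki.lan.example.com",
    "nas.lan.example.com",
    "db.staging.lan.example.com",
]

# Wildcard issued for the separate LAN subdomain: prod names are out of scope.
LAN_ONLY = key_exposure(["*.lan.example.com"], INVENTORY)
# Wildcard on the parent domain: every prod name shares the key's blast radius.
SHARED = key_exposure(["*.example.com"], INVENTORY)

if __name__ == "__main__":
    print("*.lan.example.com covers:", LAN_ONLY)
    print("*.example.com covers:   ", SHARED)
```

Neither wildcard covers `db.staging.lan.example.com`, since a wildcard never spans more than one label.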