(shkspr.mobi)

238 points edent | 1 comments | 05 Jan 22 12:42 UTC | HN request time: 0.368s | source

Show context

walrus01 ◴[05 Jan 22 18:08 UTC] No.29812652[source]▶

I run my own internal CA.

Would not recommend to anyone that they use publicly-valid letsencrypt certs for internal hostnames, since certificate issuance transparency logs are public and will expose all of the hostnames of your internal infrastructure.

replies(1): >>29813336 #

spapas82 ◴[05 Jan 22 19:00 UTC] No.29813336[source]▶

>>29812652 #

The article answers that: use wildcard certs instead

replies(1): >>29813471 #

1. walrus01 ◴[05 Jan 22 19:11 UTC] No.29813471[source]▶

>>29813336 #

I'd put using wildcard TLS for all your internal stuff in the category of unacceptably weird and unnecessary risk

↑

Should you use Let's Encrypt for internal hostnames?