←back to thread

Should you use Let's Encrypt for internal hostnames?

(shkspr.mobi)
238 points edent | 2 comments | 05 Jan 22 12:42 UTC | HN request time: 1.419s | source
1. toddnni ◴[05 Jan 22 21:03 UTC] No.29814904[source]
Maybe a dump question, but was it so, that it is not only Let's Encrypt that uses Certificate Transparency Log, but all the other providers too?

If so, then the decision is more like, whether to use a public or private certificate for an internal service.

replies(1): >>29819179 #
2. mac-chaffee ◴[06 Jan 22 03:56 UTC] No.29819179[source]
Yep, we recently moved from DigiCert to LE and someone was alarmed at the certificate transparency logs, until we scrolled down the page to reveal the same logs from DigiCert.

Wildcards hide it somewhat, but DigiCert charges per subdomain now, and every user thinks they need their own subdomain for some reason. So LE it is.