238 points edent | 1 comments
mcgeez No.29810160
I like the wildcard certificates option, however I have not been able to find an easy solution to distribute those certificates to every host I have internally. Is this usually done manually? Is there some equivalent to acme.sh?

The kinds of hosts I have are an OPNSense router, traefik servers, a unifi controller, etc.

1. quicksilver03 No.29821377
At my last job I implemented the certificate generation as a scheduled job, which pushes the generated certificates to a private S3 bucket.

Then, our standard Ansible playbooks set up on each node a weekly systemd timer which downloads the needed certificates and restarts or reloads the services.
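
The node-side step of the setup described in the reply above, as an added example that is not code from the comment or from any project it mentions. It assumes the timer's download step has already placed `fullchain.pem` and `privkey.pem` (hypothetical file names) in a staging directory; the script then refuses a mismatched or unparsable pair, installs atomically with a private-key mode of 0600, and reloads the service only when something changed.

```python
import os
import ssl
import subprocess
import sys
import tempfile
from pathlib import Path

def pair_is_valid(cert: Path, key: Path) -> bool:
    """True if both PEM files parse and the private key matches the certificate."""
    try:
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(str(cert), str(key))
        return True
    except OSError:  # ssl.SSLError and FileNotFoundError are both OSError subclasses
        return False

def atomic_write(dst: Path, data: bytes, mode: int) -> None:
    """Write via a temp file in the same directory, then rename over dst."""
    fd, tmp = tempfile.mkstemp(dir=dst.parent)  # mkstemp creates the file 0600
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        os.chmod(tmp, mode)
        os.replace(tmp, dst)  # a running service never sees a half-written file
    except BaseException:
        os.unlink(tmp)
        raise

def install_pair(staged: Path, live: Path, validate=pair_is_valid) -> bool:
    """Install the staged pair into live; return True if a reload is needed."""
    cert, key = staged / "fullchain.pem", staged / "privkey.pem"  # assumed names
    if not validate(cert, key):
        raise ValueError("staged certificate/key rejected; live files untouched")
    changed = False
    # The private key is readable by its owner only; the certificate is public.
    for src, mode in ((key, 0o600), (cert, 0o644)):
        dst = live / src.name
        data = src.read_bytes()
        if not dst.exists() or dst.read_bytes() != data:
            atomic_write(dst, data, mode)
            changed = True
    return changed

if __name__ == "__main__":
    # Usage: install_certs.py <staging-dir> <live-dir> <systemd-unit>
    staged, live, unit = Path(sys.argv[1]), Path(sys.argv[2]), sys.argv[3]
    if install_pair(staged, live):
        subprocess.run(["systemctl", "reload-or-restart", unit], check=True)
```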