←back to thread

.INTERNAL is now reserved for private-use applications

(www.icann.org)
563 points joncfoo | 1 comments | 09 Aug 24 16:36 UTC | HN request time: 0.208s | source
Show context
xvilo ◴[09 Aug 24 21:34 UTC] No.41205561[source]
Any ideas on how you would run SSL/TLS on these set-ups?
replies(4): >>41205597 #>>41205600 #>>41206406 #>>41208111 #
1. Hamuko ◴[10 Aug 24 08:22 UTC] No.41208111[source]
I just got myself a proper domain name. You can get a domain for pretty cheap if you're not picky about what you get. You could for example register cottagecheese.download on Cloudflare for about $5/year right now.

I have my domain's DNS on Cloudflare, so I can use DNS verification with Let's Encrypt to get myself a proper certificate that works on all of my devices. Then I just have Cloudflare DNS set up with a bunch of CNAME records to .internal addresses.

For example, if I needed to set up a local mail server, I'd set mail.cottagecheese.download to have a CNAME record pointing to localserver.internal and then have my router resolve localserver.internal to my actual home server's IP address. So if I punch in https://mail.cottagecheese.download in my browser, the browser resolves that to localserver.internal and then my router resolves that to 10.x.x.x/32, sending me to my internal home server that greets me with a proper Let's Encrypt certificate without any need to expose my internal IP addresses.

Windows doesn't seem to like my CNAME-based setup though. Every time I try to use them, it's a diceroll if it actually works.