(github.com)

246 points nh2 | 1 comments | 18 Oct 24 06:10 UTC | HN request time: 0.001s | source

Show context

ndsipa_pomu ◴[22 Oct 24 08:36 UTC] No.41912342[source]▶

I prefer to assign an external name to an internal device and grab a free SSL cert from LetsEncrypt, but using DNS challenge instead as internal IP addresses aren't reachable by their servers.

replies(9): >>41912368 #>>41912827 #>>41913126 #>>41913387 #>>41913720 #>>41913826 #>>41916306 #>>41917079 #>>41917804 #

DandyDev ◴[22 Oct 24 08:42 UTC] No.41912368[source]▶

>>41912342 #

I do this as well, but be aware that these external names you're using for internal devices become a matter of public record this way. If that's okay for you (it is for me), then this is a good solution. The advantage is also that you run no risk of name clashes because you actually own the domain

replies(7): >>41912424 #>>41912505 #>>41912544 #>>41912570 #>>41912671 #>>41912732 #>>41919325 #

1. prmoustache ◴[22 Oct 24 09:38 UTC] No.41912671[source]▶

>>41912368 #

you can use a wildcard of type *.internal.example.com or use names that do not relate to the service name if you want to obfuscate the tech stack used.

The only thing public is that you may have an internal network with nodes.

↑

Just want simple TLS for your .internal network?