ndsipa_pomu No.41912342
I prefer to assign an external name to an internal device and grab a free SSL cert from LetsEncrypt, but using DNS challenge instead as internal IP addresses aren't reachable by their servers.
1. giobox No.41916306
LetsEncrypt + DNS challenge + DNS provider with letsencrypt-compatible API for modifying records works fantastically well for getting "real" https/SSL working for private IP addresses; the automatic renewals make it largely set and forget with very little config or setup required.

I've had working validly signed SSL on literally all my private home self-hosted services and load-balancers internally for years this way.

It also easily switches to a production-like setup if you later did decide to host something on the public internet.