Getting ready to issue IP address certificates

(community.letsencrypt.org)

314 points Bogdanp | 1 comments | 25 Jun 25 16:21 UTC | HN request time: 0s | source

Show context

vkdelta ◴[25 Jun 25 19:03 UTC] No.44380805[source]▶

Does it help getting encrypted https (without self signed cert error) on my local router ? 192.168.0.1 being an example login page.

replies(6): >>44380853 #>>44380871 #>>44380923 #>>44381115 #>>44381757 #>>44382265 #

dark-star ◴[25 Jun 25 22:10 UTC] No.44382265[source]▶

>>44380805 #

no but you can do something closely related:

- get a domain name (foo.com) and get certificates for *.foo.com

- run a DNS resolver that maps a.b.c.d.foo.com (or a-b-c-d.foo.com) to the corresponding private IP a.b.c.d

- install the foo.com certificate on that private IP's device

then you can connect to devices in your local network via IP by using https ://192-18-1-1.foo.com

Since you need to install the certificate in step 3 above, this works better with long-lived certificates, of course, but aotomation helps there

replies(2): >>44382457 #>>44383727 #

1. briHass ◴[26 Jun 25 02:30 UTC] No.44383727[source]▶

>>44382265 #

Cloudflare DNS (probably others as well) allows you to enter private IPs for subdomains, so you don't have to run your own DNS. There's no AXFR enabled, so no issues with privacy unless you have someone really determined to dictionary-attack your subdomains.

↑