• dudeami0@lemmy.dudeami.win · ↑2 · 2 years ago

      Hard to believe you used to have to pay for a TLS certificate. I use Let’s Encrypt with cert-manager on my Kubernetes cluster and it still amazes me how SSL just happens. Even just using certbot makes the job extremely simple.

      • ActuallyRuben@actuallyruben.nl · ↑1 · 2 years ago

        There are even still some (shitty) webhosts that require payment for a TLS certificate, because they refuse to support Let’s Encrypt.

      • sudneo@lemmy.world · ↑1 · 2 years ago

        For cert-manager to work, do you need to have the ingress controller port (or I guess another port) exposed publicly? Or does it support DNS verification? I thought about doing this, but I essentially have my cluster fully in a private network which I connect to with WireGuard from outside, but maybe I should reconsider?

        I am keen to know a little bit more about your setup.

        • dudeami0@lemmy.dudeami.win · ↑1 · 2 years ago

          I am using Cloudflare DNS, for which cert-manager requires an API key to edit the DNS entries. Documentation on this can be found here. It seems to support a number of DNS APIs; you can view those here.

          • sudneo@lemmy.world · ↑1 · 2 years ago

            Aha, yes, that makes perfect sense. I remembered now that I checked some time ago and my DNS is not supported. But maybe I will move to acme-dns; it seems very hacky, I love it!

  • vividspecter@lemmy.world · ↑0 · 2 years ago

    As a side note, how do people handle HTTPS with private networks (VPN or local) these days? I typically just stick to HTTP, but it would be nice to get rid of the warnings/lock (I use HTTPS-only mode, and Firefox seems to require a fresh exception for every port).

    • dustojnikhummer@lemmy.world · ↑1 · 2 years ago

      Self-signed certificates, and import the CA onto all of my devices.

      Or public DNS with Cloudflare that points to a local IP.

  • Epsilon@kbin.social · ↑0 · 2 years ago

    Is there a Let’s Encrypt alternative that doesn’t require you to pay for a domain? I’d like to use a local domain like myservice.home rather than myservice.domain.com. I currently have Caddy auto-generate certificates for my services, but it’s a pain as some devices hate the self-signed certificate.

    • dustojnikhummer@lemmy.world · ↑0 ↓1 · 2 years ago

      Self-signed certificates. I have my services on a .local domain and created a 10-year certificate. The only painful thing is that you have to import your CA into all of your devices.
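The private-CA approach the last two replies describe, as an added example (not code from any commenter): a long-lived root CA plus a short-lived leaf certificate that carries a subjectAltName for the local hostname, which is the part devices actually check once the CA is imported. The output directory, the `Home Lab Root CA` name and the `myservice.home` hostname are assumptions taken from the thread.

```shell
#!/bin/sh
# Added example: minimal private CA issuing a SAN-bearing leaf for a local name.
# Only the CA certificate (ca.crt) is imported into devices; ca.key stays offline.
set -eu

make_private_ca() {
  dir="${1:-./pki}"             # output directory (assumption)
  host="${2:-myservice.home}"   # local hostname from the thread (assumption)
  mkdir -p "$dir"

  # 1. CA key and self-signed CA certificate (10 years, as in the comment above).
  #    `req -x509` marks it CA:TRUE by default in modern OpenSSL.
  openssl req -x509 -newkey rsa:3072 -nodes -sha256 -days 3650 \
    -subj "/CN=Home Lab Root CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null

  # 2. Leaf key and CSR for the service.
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=$host" -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null

  # 3. Sign the leaf with a SAN and serverAuth EKU. Browsers ignore the CN and
  #    require the SAN; the leaf is kept short-lived, the CA is the 10-year object.
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\nbasicConstraints=CA:FALSE\n' \
    "$host" > "$dir/leaf.ext"
  openssl x509 -req -in "$dir/$host.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 397 -sha256 -extfile "$dir/leaf.ext" \
    -out "$dir/$host.crt" 2>/dev/null

  # 4. Verify the chain the way a client does after importing ca.crt.
  openssl verify -CAfile "$dir/ca.crt" "$dir/$host.crt" >/dev/null
}

# Returns 0 if the issued leaf carries the expected DNS SAN.
leaf_has_san() {
  openssl x509 -in "$1" -noout -ext subjectAltName | grep -q "DNS:$2"
}
```

Run `make_private_ca ./pki myservice.home`, hand `pki/myservice.home.crt` and `.key` to the service, and import only `pki/ca.crt` on each device.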