I vaguely remember reading something about leaking your private network setup if you used Let’s Encrypt to generate your certificates.
Because of this when I installed my reverse proxy with caddy to handle my selfhosted home network I configured it to generate the certificates locally.
But this comes with the issue of the annoying warnings of the browsers plus being unable to connect to those devices/services which can’t ignore it.

Am I being too paranoid? Is there any real concern about generating the certificates with Let’s Encrypt for addresses which I don’t intend to have outside my private network?

  • kittyrunningnoise@lemm.ee
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    … in case you don’t know: if it’s for resources on a private home network, you can easily add the CA cert (i.e. the public key associated with the private key used to sign your certs) to your devices so that it’s no longer unknown and the warnings disappear. I know this doesn’t answer your question, but it’s what I’d do instead of using letsencrypt for private services.

  • jonah@lemmy.oneM
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I don’t see why you couldn’t just get a wildcard certificate that doesn’t include any hostnames, if you handle your traffic on a single Caddy reverse proxy anyways.