I vaguely remember reading something about leaking your private network setup if you used Let’s Encrypt to generate your certificates.
Because of this when I installed my reverse proxy with caddy to handle my selfhosted home network I configured it to generate the certificates locally.
But this comes with the issue of the annoying warnings of the browsers plus being unable to connect to those devices/services which can’t ignore it.

Am I being too paranoid? Is there any real concern about generating the certificates with Let’s Encrypt for addresses which I don’t intend to have outside my private network?

  • @jonahMA
    link
    English
    71 year ago

    I don’t see why you couldn’t just get a wildcard certificate that doesn’t include any hostnames, if you handle your traffic on a single Caddy reverse proxy anyways.

    • krolden
      link
      fedilink
      English
      2
      edit-2
      1 year ago

      Yup, wildcard with a TXT record of your reverse proxy local IP does it for me

    • @xradeon
      link
      English
      21 year ago

      Yeah, solution is just to get a wildcard cert.

    • @pe1ucaOP
      link
      English
      11 year ago

      Ah, got it!
      I’ll look into it, AFAIK caddy autogenerates all certs for each site, so probably I’ll have to manually create and import the wildcard one.