I vaguely remember reading something about leaking your private network setup if you used Let’s Encrypt to generate your certificates.
Because of this, when I installed my reverse proxy with Caddy to handle my self-hosted home network, I configured it to generate the certificates locally.
But this comes with the issue of the annoying warnings of the browsers plus being unable to connect to those devices/services which can’t ignore it.

Am I being too paranoid? Is there any real concern about generating the certificates with Let’s Encrypt for addresses which I don’t intend to have outside my private network?

  • jonahMA (7 upvotes, 2 years ago)

    I don’t see why you couldn’t just get a wildcard certificate that doesn’t include any hostnames, if you handle your traffic on a single Caddy reverse proxy anyways.

    • xradeon (2 upvotes, 2 years ago)

      Yeah, the solution is just to get a wildcard cert.

    • krolden@lemmy.ml (2 upvotes, edited, 2 years ago)

      Yup, a wildcard with a TXT record of your reverse proxy's local IP does it for me.

    • pe1uca (OP) (1 upvote, 2 years ago)

      Ah, got it!
      I’ll look into it. AFAIK Caddy autogenerates all certs for each site, so probably I’ll have to manually create and import the wildcard one.
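The approach the replies describe, written out as an added Caddyfile example (this is not configuration from any of the posters). The point of a wildcard is that Certificate Transparency logs publish the names on every Let’s Encrypt certificate, so per-host certificates expose your internal hostnames; a single `*.home.example.com` certificate exposes only the wildcard. Let’s Encrypt issues wildcards only via the ACME DNS-01 challenge, which places a TXT record under `_acme-challenge`, so Caddy needs a DNS provider module; this example assumes the Cloudflare module (`github.com/caddy-dns/cloudflare`) compiled in and an API token in the `CLOUDFLARE_API_TOKEN` environment variable. The domain, hostnames and private IP addresses are constructed placeholders. The A records for the individual hostnames can live in internal DNS (or point publicly at the private IP, as krolden does), since the DNS-01 challenge never needs inbound HTTP.

```caddyfile
# One site block for the whole wildcard: Caddy obtains and renews a single
# *.home.example.com certificate, so individual hostnames never reach CT logs.
*.home.example.com {
	tls {
		# DNS-01 challenge via the (assumed) Cloudflare module; the token is read
		# from the environment so it never sits in the Caddyfile.
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}

	# Route by Host header to each internal service (placeholder addresses).
	@jellyfin host jellyfin.home.example.com
	handle @jellyfin {
		reverse_proxy 192.168.1.20:8096
	}

	@vault host vault.home.example.com
	handle @vault {
		reverse_proxy 192.168.1.21:8080
	}

	# Any other name under the wildcard gets the connection dropped rather
	# than a default backend, so probing for unlisted hosts learns nothing.
	handle {
		abort
	}
}
```

To confirm the exposure is limited to the wildcard, inspect the certificate Caddy serves after the first issuance: the only DNS name in its Subject Alternative Name field should be `*.home.example.com`, and a lookup of your domain in any public Certificate Transparency search should likewise show only that entry.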