britishteadrinker@feddit.uk to Selfhosted@lemmy.world • Do you run a private CA? Could you tell me about your certificate setup if you do?
11 months ago

I’d just buy a single domain, it’s like £5 a year, and use a Let’s Encrypt wildcard and have it auto-renew via DNS challenges. Very easy. You can do what you’re doing with Let’s Encrypt, but you’ll have to set up HTTP challenges for each subdomain, or DNS challenges for each subdomain. Obviously doable, but more work.
Doing it without Let’s Encrypt and just doing it privately? I dunno if I’d bother with that. Firstly, you’ll have to go through the hassle of making sure any browser and computer that connects to it has the root cert of the private CA, or you’ll get self-signed errors, which is a faff. I’d honestly just pay the £5 or so a year; you’ll spend more time (and time is ultimately money) doing it without it.
You don’t have to make the public domain, well, public. You can not hook up any DNS records for it, so externally it won’t resolve anywhere and just use internal DNS.