view the rest of the comments
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
The advantage of wildcard certificates is that you don't have to expose each single subdomain over internet. Which is great if you want to have https on local only subdomains.
If you still use HTTP for cert verification on ACME, you are doing it wrong. Use DNS-01 only, there is no need to allow any inbound traffic to your servers. and HTTP will not give you wildcard anyway.
Yes, you are right, I already use DNS validation. But it is just it is easier to request a single wildcard certificate for my domain and have all the subdomains that I use for the local services defined only in my local DNS. I cannot fully automate the certificate renewal because namecheap requires to allowlist the IP that can call its API, and my ip is dynamic. So renewing a single certificate saves me time. Also, the wildcard certificate is installed on a single machine, so it is not the I increase a lot the attack surface by not having different certificates for each virtual host.