Post AlLyT5AkyPDGYoIhV2 by dushman@hollow.raccoon.quest
(DIR) Post #AlLx70y7p2EJCKJ1Ci by HaraldKi@nrw.social
2024-08-26T07:49:13Z
1 likes, 0 repeats
I run a (web)server for home-things at home, strictly not reachable from the outside. We're using a cornucopia of browsers on Linux, iPad, Android.
Browsers want https (good), and valid certificates (good), but there seems to be no no-pain way to tell them all, hey, this in-house server can be trusted.
- Importing self signed cert into each browser 🤢
- Getting a letsencrypt cert by going online briefly: OK. But then?
Am I missing something obvious?
#networking #linux #dns #letsencrypt #TLS
(DIR) Post #AlLx71nWjvLXlkM4K8 by dushman@hollow.raccoon.quest
2024-08-26T08:22:46.612Z
0 likes, 0 repeats
@HaraldKi@nrw.social I mean you can just run http and not have to bother if this is LAN only anyway
(DIR) Post #AlLy0AnOzFkxbRakIy by phnt@fluffytail.org
2024-08-26T08:32:46.709411Z
1 likes, 1 repeats
@HaraldKi browsers shouldn't enforce https for local addresses. Firefox and Chrome don't at least. Since you probably have domains set up for your local services as that would explain the requirement for certificates, you can use the DNS-01 challenge on Let's Encrypt. https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
(DIR) Post #AlLyT5AkyPDGYoIhV2 by dushman@hollow.raccoon.quest
2024-08-26T08:38:00.021Z
0 likes, 0 repeats
@phnt@fluffytail.org @HaraldKi@nrw.social
> DNS-01 challenge
Don't you have to manually redo the challenge on every renewal? Would also be kinda annoying.
(DIR) Post #AlLysu2H0CiHY7e23E by dushman@hollow.raccoon.quest
2024-08-26T08:42:39.751Z
0 likes, 0 repeats
@phnt@fluffytail.org @HaraldKi@nrw.social Yeah you do have to do it manually unless your registrar gives you API access that would allow you to run a script that'd do it for you
(DIR) Post #AlLyx71aeSFSzaKfiq by dushman@hollow.raccoon.quest
2024-08-26T08:43:25.809Z
0 likes, 0 repeats
@phnt@fluffytail.org @HaraldKi@nrw.social You have to change the txt rec on every renewal
(DIR) Post #AlLzLB4hFFFmVHGDho by dushman@hollow.raccoon.quest
2024-08-26T08:47:46.399Z
0 likes, 0 repeats
@phnt@fluffytail.org @HaraldKi@nrw.social
> browsers shouldn't enforce https for local addresses. Firefox and Chrome don't at least
You're right, they don't. I'd just run this on http.
(DIR) Post #AlLzXR5hWTdTeTZkmm by phnt@fluffytail.org
2024-08-26T08:50:00.080242Z
0 likes, 1 repeats
@dushman @HaraldKi Most reputable registrars have an API for that. A 5 line Python script is probably enough.
(DIR) Post #AlLza5UAJ8ePVqHbge by dushman@hollow.raccoon.quest
2024-08-26T08:50:28.431Z
0 likes, 0 repeats
@phnt@fluffytail.org @HaraldKi@nrw.social Yeah I mentioned that
(DIR) Post #AlM0jf5TPVsiUQrYLg by mima@makai.chaotic.ninja
2024-08-26T09:03:22.357Z
0 likes, 0 repeats
@dushman@hollow.raccoon.quest OP probably isn't the only user of the local webserver. Mainstream browsers these days are pretty much annoyingly alarmist when you don't use TLS, so perhaps that's why they're asking for an effective HTTPS setup @phnt@fluffytail.org @HaraldKi@nrw.social
(DIR) Post #AlMAj2XvhiqWUyW0bA by HaraldKi@nrw.social
2024-08-26T10:39:41Z
0 likes, 0 repeats
@mima @phnt @dushman exactly right. And the occasional guest, and my wife trying a new browser, so the one thing I absolutely want to avoid: import certs into browsers.
(DIR) Post #AsFI9FRSIO8mnLCuYK by HaraldKi@nrw.social
2025-03-20T08:21:32Z
0 likes, 0 repeats
@mima @phnt @dushman And in a new twist, I am implementing a note-taking web app intended to encrypt everything on the device and store their encrypted notes on the home server. So even family members can have private notes on the server, the key only in their personal device.
Fun fact: crypto in the browser requires HTTPS.
(And yes, I know they have to trust me to not leak their keys to me. 🤪)
And for added fun: I want to avoid the traffic to leave the house, meaning I want 192.168.x.x 😀