I’m just so annoyed of fighting this all the time.
If I can’t figure this out I’m going to disable all https redirecting and all certificate errors off so I can have some peace
EDIT: I do not wish to manage certificates I do not want to setup private key infrastructure I don’t want to use real internet domain names I don’t want to manually install certificates into browsers after fishing them out of my ephemeral virtual machines
I just want to, add exception for *.lan for https auto redirect and auto-accept self-signed certificates as valid. This is not much to ask.
So you get a wildcard cert for the public domain, and only go one level deep on your LAN, reusing the wildcard cert? That’s a pretty cool trick.
I use a wildcard cert in some places, but most of them are individual certs. You can have multiple ACME DNS challenges on a single domain, for example
_acme-challenge.first.int.example.comand_acme-challenge.second.int.example.comforfirst.int.example.comandsecond.int.example.comrespectively.The DNS challenge just makes you create a TXT record at that
_acme-challengesubdomain. Let’s Encrypt follows CNAMES and supports IPv6-only DNS servers, so I’m using some software called “acme-dns” to run a DNS server specifically for ACME DNS challenges. It’s just listening on a IPv6 in one of my VPS /64 IPv6 range.