this post was submitted on 14 Sep 2024
47 points (91.2% liked)


I'm just so annoyed with fighting this all the time.

If I can't figure this out, I'm going to turn all HTTPS redirecting and all certificate errors off so I can have some peace.

EDIT: I do not wish to manage certificates, I do not want to set up private key infrastructure, I don't want to use real internet domain names, and I don't want to manually install certificates into browsers after fishing them out of my ephemeral virtual machines.

I just want to add an exception for *.lan for HTTPS auto-redirect and auto-accept self-signed certificates as valid. This is not much to ask.

friend_of_satan 4 points 3 months ago* (last edited 3 months ago) (1 children)

So you get a wildcard cert for the public domain, and only go one level deep on your LAN, reusing the wildcard cert? That's a pretty cool trick.

[email protected] 6 points 3 months ago* (last edited 3 months ago)

I use a wildcard cert in some places, but most of them are individual certs. You can have multiple ACME DNS challenges on a single domain, for example _acme-challenge.first.int.example.com and _acme-challenge.second.int.example.com for first.int.example.com and second.int.example.com respectively.

The DNS challenge just makes you create a TXT record at that _acme-challenge subdomain. Let's Encrypt follows CNAMEs and supports IPv6-only DNS servers, so I'm using some software called "acme-dns" to run a DNS server specifically for ACME DNS challenges. It's just listening on an IPv6 address in one of my VPS /64 IPv6 range.
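
An added example (not part of the comment above and not acme-dns's own code) of the record layout it describes: where the CA looks for each host's TXT record, the one-time CNAMEs that hand those names to a challenge-only DNS server, and how the TXT value is derived under RFC 8555. The `acme.example.net` targets, the token and the thumbprint are constructed placeholders.

```python
import base64
import hashlib


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME (RFC 8555) uses for binary values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def challenge_name(identifier: str) -> str:
    """DNS name where the CA queries the TXT record for an identifier.

    A wildcard (*.int.example.com) is validated at its base name, so it
    uses _acme-challenge.int.example.com.
    """
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".").lower()


def txt_value(token: str, account_thumbprint: str) -> str:
    """TXT content: base64url(SHA-256(token + "." + account key thumbprint))."""
    key_authorization = f"{token}.{account_thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def delegation_plan(registrations: dict[str, str]) -> list[str]:
    """Zone-file lines added once to the real zone: one CNAME per host,
    each pointing at that host's own name on the challenge-only server."""
    return [
        f"{challenge_name(host)}. IN CNAME {target.rstrip('.')}."
        for host, target in sorted(registrations.items())
    ]


# Constructed sample data: hypothetical per-host names on a challenge-only zone.
REGISTRATIONS = {
    "first.int.example.com": "aaaa1111.acme.example.net",
    "second.int.example.com": "bbbb2222.acme.example.net",
}

if __name__ == "__main__":
    for line in delegation_plan(REGISTRATIONS):
        print(line)
    # Constructed token and thumbprint, only to show the shape of the value.
    print(txt_value("constructed-token", "constructed-thumbprint"))
```

With the CNAMEs in place, renewals only ever write TXT records on the challenge-only server, so the credentials held by each internal host cannot change anything else in the main zone.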