Random Thread - Anything Goes
- 
 @coliver said in Random Thread - Anything Goes:
 > @hobbit666 said in Random Thread - Anything Goes:
 > > @coliver said in Random Thread - Anything Goes:
 > > > This was going to be my answer. It's so easy to set up HTTPS that it makes no sense not to.
 > >
 > > Ok so next level. Use a Certificate from an internal CA? As you can't use something like Let's Encrypt. Or just use HTTPS
 >
 > Why wouldn't Let's Encrypt work? Do these systems not have access to the internet at all?

 That’s not how Let’s Encrypt works. LE has to reach back to the device. You cannot port forward everything to everything. I fucking hate how people think that Let’s Encrypt is the master solution for SSL, because it is not.
- 
 @JaredBusch said in Random Thread - Anything Goes:
 > That’s not how Let’s Encrypt works. LE has to reach back to the device. You cannot port forward everything to everything.

 Actually it doesn't have to do that. I manage internal systems that don't have outside reaching in access and LE still works. They have alternative methods just for that. In my case, they aren't web servers.
- 
 @dbeato said in Random Thread - Anything Goes:
 > @coliver said in Random Thread - Anything Goes:
 > > @hobbit666 said in Random Thread - Anything Goes:
 > > > @coliver said in Random Thread - Anything Goes:
 > > > > This was going to be my answer. It's so easy to set up HTTPS that it makes no sense not to.
 > > >
 > > > Ok so next level. Use a Certificate from an internal CA? As you can't use something like Let's Encrypt. Or just use HTTPS
 > >
 > > Why wouldn't Let's Encrypt work? Do these systems not have access to the internet at all?
 >
 > Some devices are not online, just internal, and they wouldn't do HTTP confirmation but they could do DNS confirmation.

 That's what I do in that case. Works well.
- 
 @hobbit666 said in Random Thread - Anything Goes:
 > @coliver said in Random Thread - Anything Goes:
 > > This was going to be my answer. It's so easy to set up HTTPS that it makes no sense not to.
 >
 > Ok so next level. Use a Certificate from an internal CA? As you can't use something like Let's Encrypt. Or just use HTTPS

 Why not just self sign? You are considering HTTP, using self signed is totally fine.
- 
 @scottalanmiller said in Random Thread - Anything Goes:
 > @dbeato said in Random Thread - Anything Goes:
 > > @coliver said in Random Thread - Anything Goes:
 > > > @hobbit666 said in Random Thread - Anything Goes:
 > > > > @coliver said in Random Thread - Anything Goes:
 > > > > > This was going to be my answer. It's so easy to set up HTTPS that it makes no sense not to.
 > > > >
 > > > > Ok so next level. Use a Certificate from an internal CA? As you can't use something like Let's Encrypt. Or just use HTTPS
 > > >
 > > > Why wouldn't Let's Encrypt work? Do these systems not have access to the internet at all?
 > >
 > > Some devices are not online, just internal, and they wouldn't do HTTP confirmation but they could do DNS confirmation.
 >
 > That's what I do in that case. Works well.

 If it is the system they can use the fully current version of certbot and also that your DNS provider has a plug-in that works with certbot.
- 
 This just passed me 
  
- 
 @JaredBusch said in Random Thread - Anything Goes:
 > This just passed me

 Isn't that highly distracting and illegal?
- 
 @RojoLoco I was reminded of your “Big orange idiot” comment from a year or so ago:
- 
 @JaredBusch said in Random Thread - Anything Goes:
 > @coliver said in Random Thread - Anything Goes:
 > > @hobbit666 said in Random Thread - Anything Goes:
 > > > @coliver said in Random Thread - Anything Goes:
 > > > > This was going to be my answer. It's so easy to set up HTTPS that it makes no sense not to.
 > > >
 > > > Ok so next level. Use a Certificate from an internal CA? As you can't use something like Let's Encrypt. Or just use HTTPS
 > >
 > > Why wouldn't Let's Encrypt work? Do these systems not have access to the internet at all?
 >
 > That’s not how Let’s Encrypt works. LE has to reach back to the device. You cannot port forward everything to everything. I fucking hate how people think that Let’s Encrypt is the master solution for SSL, because it is not.

 There are tons of alternatives to this. Even having a single "public" system getting a wildcard and then pushing that cert to the systems that need it would be fairly easy to script.