Random Thread - Anything Goes

scottalanmiller

@JaredBusch said in Random Thread - Anything Goes:

That’s not how let’s encrypt works. LE has to reach back to the device you cannot port forward everything to everything.

Actually it doesn't have to do that. I manage internal systems that don't have outside reaching in access and LE still works. They have alternative methods just for that. In my case, they aren't web servers.

scottalanmiller

@dbeato said in Random Thread - Anything Goes:

@coliver said in Random Thread - Anything Goes:

@hobbit666 said in Random Thread - Anything Goes:

@coliver said in Random Thread - Anything Goes:

This was going to my answer. It's so easy to setup HTTPS that it makes no sense not to.

Ok so next level. Use a Certificate from an internal CA? As you can't use something like Letsencrypt

Or just use HTTPS

Why wouldn't Let'sEncrypt work? Do these systems not have access to the internet at all?

Some devices are not online just internal and they wouldn't do HTTP confirmation but they could do DNS confirmation.

That' what I do in that case. Works well.

scottalanmiller

@hobbit666 said in Random Thread - Anything Goes:

@coliver said in Random Thread - Anything Goes:

This was going to my answer. It's so easy to setup HTTPS that it makes no sense not to.

Ok so next level. Use a Certificate from an internal CA? As you can't use something like Letsencrypt

Or just use HTTPS

Why not just self sign? You are considering HTTP, using self signed is totally fine.

JaredBusch

@scottalanmiller said in Random Thread - Anything Goes:

@dbeato said in Random Thread - Anything Goes:

@coliver said in Random Thread - Anything Goes:

@hobbit666 said in Random Thread - Anything Goes:

@coliver said in Random Thread - Anything Goes:

This was going to my answer. It's so easy to setup HTTPS that it makes no sense not to.

Ok so next level. Use a Certificate from an internal CA? As you can't use something like Letsencrypt

Or just use HTTPS

Why wouldn't Let'sEncrypt work? Do these systems not have access to the internet at all?

Some devices are not online just internal and they wouldn't do HTTP confirmation but they could do DNS confirmation.

That' what I do in that case. Works well.

If it is the system they can use the fully current version of certbot and also that your DNS provider has a plug-in that works with certbot.

nadnerB

nadnerB

JaredBusch

This just passed me

nadnerB

nadnerB

Obsolesce

@JaredBusch said in Random Thread - Anything Goes:

This just passed me

Isn't that highly distracting and illegal?

nadnerB

@RojoLoco i was reminded of your “Big orange idiot” comment from a year or so ago:

scottalanmiller

scottalanmiller

coliver

@JaredBusch said in Random Thread - Anything Goes:

@coliver said in Random Thread - Anything Goes:

@hobbit666 said in Random Thread - Anything Goes:

@coliver said in Random Thread - Anything Goes:

This was going to my answer. It's so easy to setup HTTPS that it makes no sense not to.

Ok so next level. Use a Certificate from an internal CA? As you can't use something like Letsencrypt

Or just use HTTPS

Why wouldn't Let'sEncrypt work? Do these systems not have access to the internet at all?

That’s not how let’s encrypt works. LE has to reach back to the device you cannot port forward everything to everything. I fucking hate how people think that let’s encrypt is the master solution for SSL because it is not

There are tons of alternatives to this. Even having a single "public" system getting a wildcard and then pushing that cert to the systems that need it would be fairly easy to script.

nadnerB

nadnerB

nadnerB

nadnerB

nadnerB

scottalanmiller

@nadnerB said in Random Thread - Anything Goes:

If you have this many Legos, you are rich.