in reply to Jonathan

mastodon - Link to source

Jan Wildeboer 😷

I went the full Monty. DNS server at home, step-ca (certificate authority) in a container, so now all my (virtual) machines get name resolution and certificates via certbot. See jan.wildeboer.net/2025/08/My-D… and jan.wildeboer.net/2025/07/lets… @bjoern @homelab @homelab_de

My Own DNS Server At Home - Part 1: IPv4

“It’s always DNS” is a famous meme among network people. Name resolution is technically quite simple. It’s “just” translating a hostname like jan.wildeboer.net to an IP address.
Jan Wildeboer (Jan Wildeboer's Blog)
@BjoernAusGE @Run your own homelab @Homelab Deutschland
in reply to Jonathan

mastodon - Link to source

Schreini

I realise it via a nginx proxy manager container (which is very large). An approach is described there:
youtube.com/watch?v=qlcVx-k-02…

Quick and Easy Local SSL Certificates for Your Homelab!

To try everything Brilliant has to offer—free—for a full 30 days, visit http://brilliant.org/Wolfgang/ The first 200 of you will get 20% off Brilliant’s annu...
YouTube
This entry was edited (5 hours ago)
in reply to Jonathan

mastodon - Link to source

Andreas Bulling

@bjoern@sengotta.net @homelab @homelab_de I can only underline what @jwildeboer@wildeboer.net already wrote - install your own CA using #step-ca.

Once all is up and running, SSL certificates and warnings turn into a no-issue in your home network. I've done that a few months ago and have not thought about them once since then.

Install step-ca and look no further.

#step @Run your own homelab @Homelab Deutschland
This entry was edited (5 hours ago)
in reply to Jonathan

mastodon - Link to source

Patrick Loftus 🖖

I do this with let’s encrypt, a free subdomain from freedns.afraid.org/ and an inadyn script with a 5 minute cron to compare rotating public IPs.

FreeDNS - Free DNS - Dynamic DNS - Static DNS subdomain and domain hosting

Free DNS hosting, lets you fully manage your own domain. Dynamic DNS and Static DNS services available. You may also create hosts off other domains that we host upon the domain owners consent, we have several domains to choose from!
freedns.afraid.org
in reply to Jonathan

mastodon - Link to source

Interpipes 💙

@homelab@fedigroups.social_de it’s fairly straightforward to set up your own internal CA and add it to your system / browser’s trust store. You can do it with openssl or with a GUI tool like xCA.

Or, apparently, step-ca is a thing, which should let you use an ACME client to automate issuing internal certs hub.docker.com/r/smallstep/ste…

@Run your own homelab
This entry was edited (5 hours ago)
in reply to kate

mastodon - Link to source

Jan Wildeboer 😷

I’ll revisit the dns challenge when letsencrypt adds the static entry option DNS-PERSIST-01 [1]. Right now you need to dynamically update dns for this to work.

[1] letsencrypt.org/2025/12/02/fro…

@abulling @interpipes @jonathan859 @bjoern @homelab

These challenges are why we are working with our partners at the CA/Browser Forum and IETF to standardize a new validation method called DNS-PERSIST-01. The key advantage of this new method is that the DNS TXT entry used to demonstrate control does not have to change every renewal. This means you can set up the DNS entry once and begin automatically renewing certificates without needing a way to automatically update DNS. This should allow even more people to automate their certificate renewals. It will also reduce reliance on authorization reuse, since the DNS records can stay unchanged without any further ACME client involvement. We expect DNS-PERSIST-01 to be available in 2026, and will have more to announce soon.

Decreasing Certificate Lifetimes to 45 Days

Let’s Encrypt will be reducing the validity period of the certificates we issue. We currently issue certificates valid for 90 days, which will be cut in half to 45 days by 2028.
letsencrypt.org
@Interpipes 💙 @Andreas Bulling @BjoernAusGE @Jonathan @Run your own homelab
This entry was edited (4 hours ago)