On 14/12/23 08:54, Pocket wrote:
> I have just finished writing some scripts to generate certs for my
> email server and nginx server.
> The scripts allow me to become my own CA.

You don't have to be your own CA. It's very easy to use letsencrypt to
generate valid certificates for hosts even if they are not directly
connected to the internet.

In my case I use letsencrypt for certificates for nginx, dovecot, and
postfix. They all use the same certificates maintained by
letsencrypt/certbot by linking to it in their configuration;
letsencrypt/certbot manages all the certificates and necessary renewals
using cron jobs at regular intervals.

The situations where you still need to be your own CA are for
applications like OpenVPN and certificates for ssh servers and clients