gordonb3 wrote: > > to use Letsencrypt you must own a public domain and whatever name you > want a certificate for must be registered to that domain and > ownership isn't required, you can also use e.g. a duckdns subdomain the subdomain / host name doesn't have to exist, and you can get wildcard certificates (so one can use e.g. *.internal.domain.com with a single SSL cert)
> > reference a plain HTTP server to complete the challenge. > The challenge takes a couple of seconds, so the webserver only has to be online for that. could be done with e.g. some dyndns, or just point the domain at the public ip for that time if you have one (or use a VPS, which one can get for ~2 EUR/month) > > Depending on what firewall you run in your main router you could also > use your public IP to access the HTTPS proxy, but that will obviously > also mean that this will be exposed to the entire internet (again > depending on your firewall and its configuration). > A internal DNS proxy / server can map queries for the domain used in the certificate to the correct LAN IPs (*.internal.domain.com -> 192...). No public IP, and nothing is exposed to the outside. > > An alternative option is to create your own Certificate Authority (CA) > and use that to sign certificates for e.g. lms.domain.local. This will > however require you to import the public key of that `SnakeOil` CA on > each device that you use to access LMS and may be something of an issue > on some of them (I'm still trying to figure out how to import an X509 on > an Android phone). > I thought about that (using 'mkcert' (https://github.com/FiloSottile/mkcert)), but decided against it for a number of reasons (mainly the one you mentioned, but also since it generally seemed to be huge hassle ) 'Various SW' (https://www.nexus0.net/pub/sw/): Web Interface | Text Interface | Playlist Editor / Generator | Music Classification | Similar Music | Announce | EventTrigger | Ambient Noise Mixer | DB Optimizer | Image Enhancer | Chiptunes | LMSlib2go | ... 'Various HowTos' (https://www.nexus0.net/pub/documents/LMS/): build a self-contained LMS | Bluetooth/ALSA | Control LMS with any device | ... ------------------------------------------------------------------------ Roland0's Profile: http://forums.slimdevices.com/member.php?userid=56808 View this thread: http://forums.slimdevices.com/showthread.php?t=115555 _______________________________________________ discuss mailing list [email protected] http://lists.slimdevices.com/mailman/listinfo/discuss
