Hi, I was looking at private CAs since I don’t want to pay for a domain to use in my homelab.
What is everyone using for their private CA? I’ve been looking at plain OpenSSL with some automation scripts but would like more ideas. Also, if you have multiple reverse-proxy instances, how do you distribute domain-specific signed certificates to them? I’m not planning to use a wildcard, and would like to rotate certificates often.
Thanks!
Edit: thank you for everyone who commented! I would like to say that I recognise the technical difficulty in getting such a setup working compared to a simple certbot setup to Let’s Encrypt, but it’s a personal choice that I have made.
Use something like no-ip, you can get a domain for free and renewing it every 30 days with a few clicks is much easier then managing a CA.
The only downside is the TLD but if you don’t care to much about how your domain name looks it really is the best option.
I use no-ip with letsencrypt, the LE bot does the certificate stuff for me, I use a single domain with different ports for each service and no-ip sends an email every 30 days to reconfirm the domain. Simple and easy.
I would not like to use a public domain for my internal traffic, even if the traffic is not routed outside. This is more of a personal choice than me looking for the easiest technical solution. I do own a domain, but I’ll keep that specifically for elements facing the internet.
Thanks!