• 1 Post
  • 5 Comments
Joined 2 years ago
cake
Cake day: June 10th, 2023

help-circle



  • If you have a domain you own that’s the way to go, I went by your .home naming assuming that’s what you’re using. Since .home can’t be registered similar to .local, LetsEncrypt wouldn’t be an option.

    I have a split DNS setup on my end so a service like jellyfin would resolve only internally since I want to limit it, but others would be both public and internal.


  • Shouldn’t be any risk if it’s all local.

    For an internal domain you’ll need to set up your own internal CA to sign certs for your fqdns. The risk comes from any mishandling of that new CA since you’ll need to install it as a trusted root on all of your devices and if someone gets a hold of it nothing would stop them from creating a MITM attack for let’s say yourbank.com

    If you have the CA’s key under lock then you should be good.