I’m going round in circles on this one.
What I want to do is:
- serve up my self-hosted apps with https (to local clients only - nothing over the open web)
- address them as ‘app.server.lan’ or ‘sever.lan/app’
- preferably host whatever is needed in docker
I think this is achievable with a reverse proxy, some kind of DNS server and self-signed certs. I’m not a complete noob but my knowledge in this area is lacking. I’ve done a fair bit of research but I’m probably not using the right terminology or whatever.
Would anyone have a link to a good guide that covers this?
Umm, wildcard certs from ZeroSSL seem to run at $52.99 per month, billed yearly. Free plan does not have those, neither does Basic.
As I understood, the one that you see on the page is something distinct. They have a different service on their ACME page. If you’re using a script like acme.sh or using the ACMEIssuer in Caddy, then you can get a free wildcard certificate over that. But I assume it’s losing the advantages that have been mentioned like the web dashboard, etc.
Good to know! *-cert is definitely something I’d need to setup in my self host setup, though a little complex as my (free) domain provider does not let me edit TXT records for DNS-01.
Sorry, then proceed with LE. Got that part mixed up, you are totally rjght.
What advantages do you think the paid cert has over letsencrypt?
ZeroSSL has unpaid plans (for non wildcards) that have a few advantages that LE doesn’t:
And, first and foremost, they are European and it’s always good tk have an alternative ready.
But as said before, I totally missed the wildcard issue, as I haven’t touched these for a long time and recently had more to do with my public services (which get a ACME single domain cert via zeroSSL)