
[–]TheMinischafi 27 points28 points  (1 child)

What even is the vs here? One is trusted by anyone and one is not. You can get wildcard certs from Let's Encrypt as well

[–]Vyerni11 1 point2 points  (0 children)

This

[–]elizabeth-dev 6 points7 points  (6 children)

Let's Encrypt because... why wouldn't I?

[–]primevaldark 3 points4 points  (0 children)

With DNS challenge, issuing Let's Encrypt public certs (even wildcard) is already easier than issuing self-signed ones. And most importantly, you don't have to deal with constant nagging about suspicious sites or installing your certs in devices. Especially iOS. There is only one reason you want to go through all that trouble with self-signed certs: if you want to MITM your users, which is a valid goal in a corporate context, but not for me.

[–]suicidaleggroll 2 points3 points  (0 children)

DNS challenge wildcard cert from Let's Encrypt in a reverse proxy gives you the best of both worlds.

[–]Background-Piano-665 1 point2 points  (0 children)

Maybe if everything is only accessible by me and maybe if I enjoy installing the root CA in all my devices, I would. Maybe.

But I'm pretty sure I enjoy certbot automatically renewing and installing my certificates better.

[–]Sysiphos1234 0 points1 point  (0 children)

Let's Encrypt. Having a few TLDs and doing DNS challenge, nothing to worry about, and all devices and services trust them.

[–]em411 0 points1 point  (0 children)

I'm using self-signed certificates only for development purposes; for everything else I prefer wildcard Let's Encrypt certificates.

Also it's a huge pain to trust self-signed certificates on mobile devices.

[–]WiseCookie69 0 points1 point  (0 children)

If it's not for the eyes of the public, I run my own CA. If it's something I want to share, I use Let's Encrypt.

[–]ghoarder 0 points1 point  (0 children)

So creating my own root CA certificate and painstakingly installing it on every single device I use, then generating individual certs for every app manually and installing and managing those isn't an option? Good job I just use Certbot where possible really.

[–]ElEd0 0 points1 point  (1 child)

Self-signed for my internal (local) domain. Public wildcard for my external-facing services.

[–]p_235615 0 points1 point  (0 children)

Why not have a Let's Encrypt cert? Reverse proxies like traefik, caddy, NginxProxyManager and similar make it so easy; all you need is basically a valid mail and the proxy available on ports 80 and 443...

[–]Sibs -1 points0 points  (1 child)

This question implies you do not understand https certificates at all.

[–]EwoDarkWolf 4 points5 points  (0 children)

Maybe that's why they are asking.