• lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      If you mean properly signed certificates (as opposed to self-signed) you’ll need a domain name, and you’ll need your LAN DNS server to resolve a made-up subdomain like lan.domain.com. With that you can get a wildcard Let’s Encrypt certificate for *.lan.domain.com and all your https://whatever.lan.domain.com URLs will work normally in any browser (for as long as you’re on the LAN).

      • solrize@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        Right, main point of my comment is that .internal is harder to use that it immediately sounds. I don’t even know how to install a new CA root into Android Firefox. Maybe there is a way to do it, but it is pretty limited compared to the desktop version.

        • Petter1@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          You do not have to install a root CA if you use let’s encrypt, their root certificate is trusted by any system and your requested wildcard Certificate is trusted via chain of trust

          • solrize@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            arrow-down
            1
            ·
            3 months ago

            That’s if you have a regular domain instead of.internal unless I’m mixing something. Topic of thread is .internal as if it were something new. Using a regular domain and public CA has always been possible.