I have been managing my own CA for NRPE and OpenVPN by hand but I always forget how to (re)generate the certificates. I'll give step-ca a try this weekend and follow @jwildeboer's blog post https://jan.wildeboer.net/2025/07/letsencrypt-homelab-stepca/
#homelab #selfhosting #stepca
Be the LetsEncrypt in your homelab with step-ca

So you have a Cute Homelab and you want to use it to secure your services and containers with x509 certificates? But your homelab isn’t on the internet, so you can’t simply use LetsEncrypt? Well. You can become your own LetsEncrypt and hand out certificates with certbot. You “just” need to run your own CA (Certificate Authority). Sounds frightening and complicated? It kinda is, but not really when you use step-ca, an open source solution that you can run in a container.

Jan Wildeboer's Blog
But before that, I need to configure a local DNS zone, with unbound for example, using the .internal TLD https://en.wikipedia.org/wiki/.internal
#unbound #homelab #selfhosting
.internal - Wikipedia
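The two steps the thread mentions, an unbound zone for a `.internal` domain and then step-ca with an ACME provisioner that certbot talks to, fit in one script. This is an added example, not code from the posts above or from Jan Wildeboer's article; the hostnames `ca.internal` and `nrpe.internal`, the addresses `192.168.10.x`, the provisioner name `acme` and the `/etc/unbound/unbound.conf.d/` drop-in path are assumptions:

```shell
#!/bin/sh
# Added example for this thread, not code from the posts or from Jan Wildeboer's
# article. Assumptions: the CA runs on ca.internal (192.168.10.5), the first
# service host is nrpe.internal (192.168.10.20), the step-ca ACME provisioner is
# called "acme", and Unbound reads drop-ins from /etc/unbound/unbound.conf.d/.
set -eu

ZONE="internal"
CA_HOST="ca.${ZONE}"
CA_IP="192.168.10.5"
ACME_PROVISIONER="acme"
UNBOUND_DROPIN="/etc/unbound/unbound.conf.d/${ZONE}.conf"

# 1. Unbound: answer the private zone locally. "static" makes Unbound
#    authoritative for it, so names it does not know get NXDOMAIN here instead
#    of being forwarded upstream (.internal is not delegated on the internet,
#    so such a query would only leak your hostnames to the public resolvers).
render_unbound_zone() {
  cat <<EOF
server:
  local-zone: "${ZONE}." static
  local-data: "${CA_HOST}. IN A ${CA_IP}"
  local-data-ptr: "${CA_IP} ${CA_HOST}."
  local-data: "nrpe.${ZONE}. IN A 192.168.10.20"
  local-data-ptr: "192.168.10.20 nrpe.${ZONE}."
EOF
}

# 2. step-ca: initialise the CA with an ACME provisioner. --dns puts ca.internal
#    into the CA's own TLS certificate, which is what certbot will verify.
init_step_ca() {
  step ca init \
    --name "Homelab CA" \
    --dns "${CA_HOST}" \
    --address ":443" \
    --provisioner "admin" \
    --acme
  # Every client must trust this root: distribute root_ca.crt, e.g. with
  # `step certificate install`. The CA itself then runs as a service
  # (container or systemd): step-ca "$(step path)/config/ca.json"
}

# step-ca exposes one ACME directory per provisioner.
acme_directory_url() {
  printf 'https://%s/acme/%s/directory\n' "${CA_HOST}" "${ACME_PROVISIONER}"
}

# 3. certbot against the homelab CA instead of Let's Encrypt. certbot is built
#    on python-requests, so REQUESTS_CA_BUNDLE must point at our root rather
#    than the public bundle; otherwise the TLS handshake to ca.internal fails.
issue_with_certbot() {
  REQUESTS_CA_BUNDLE="$(step path)/certs/root_ca.crt" \
    certbot certonly --standalone -n --agree-tos \
      --register-unsafely-without-email \
      --server "$(acme_directory_url)" \
      -d "$1"
}

case "${1:-}" in
  dns)  render_unbound_zone > "${UNBOUND_DROPIN}"
        unbound-checkconf && unbound-control reload ;;
  ca)   init_step_ca ;;
  cert) issue_with_certbot "${2:?usage: $0 cert <hostname>}" ;;
  "")   ;;   # no subcommand: only define the functions
  *)    echo "usage: $0 dns|ca|cert <hostname>" >&2; exit 2 ;;
esac
```

Run it as `sh homelab-ca.sh dns` on the resolver, `sh homelab-ca.sh ca` on the CA host, then `sh homelab-ca.sh cert nrpe.internal` on each service host once the root is trusted there. Two caveats worth knowing before the weekend: step-ca's ACME provisioner issues certificates that are valid for 24 hours by default, so renewal has to be automated (certbot's standard timer runs twice a day and renews anything within 30 days of expiry, so it will renew every run); raise the provisioner's `defaultTLSCertDuration` and `maxTLSCertDuration` claims if that is too short for NRPE. And ACME only proves control of a hostname, so OpenVPN client certificates for peers without a resolvable name are better issued with `step ca certificate` against a JWK provisioner than with certbot.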

But even before, the kids are already awake and I have to clean the garage.

My unbound servers are deployed. I can now remove the "ansible_host" variables from my inventory.

#homelab #selfhosting #unbound #ansible

@jriou I thought that one wasn’t standardized and that .local was?

https://en.wikipedia.org/wiki/.local

a link-local address is a network address that is valid only for communications on a local link, i.e. within a subnetwork that a host is connected to

The exact distinction has always eluded me

.local - Wikipedia

@GuillaumeRossolini I don't know. It would have been easier if the standard were the .lan TLD, which everyone in the homelab community uses.
@GuillaumeRossolini @jriou
.internal (or an internal network) isn't necessarily limited to link-local.