this post was submitted on 12 Sep 2024
105 points (97.3% liked)

Selfhosted

I'm curious what the benefits are of paying for SSL certificates vs using a free provider such as Let's Encrypt.

What exactly are you trusting a cert provider with and what are the security implications? What attack vectors do you open yourself up to when trusting a certificate authority with your websites' certificates?

In what way could it benefit security and/or privacy to utilize a paid service?

And finally, which paid SSL providers are considered trustworthy?

I know Digicert is a big player, but their prices are insane. Comodo seems like a good affordable option, but is it a trustworthy company?

[–] N0x0n@lemmy.ml 3 points 2 years ago (2 children)

Except for the learning process and if you want your self-signed local domains in your LAN!

https://jellyfin.homelab.domain is easier to access than IP addresses.

[–] PlexSheep@infosec.pub 4 points 2 years ago (1 children)

In that case, I recommend step-ca, which is a certificate authority server with ACME support anyone can self host. The setup took a while but it's been running for months now without problems for me.

[–] N0x0n@lemmy.ml 2 points 2 years ago (1 children)

Yeaaah I already played a bit around with step-ca! Right now I make a mini-CA with openssl.

When I get more comfortable with how everything works together I will surely give step-ca another try.

[–] PlexSheep@infosec.pub 1 points 2 years ago

I found OpenSSL to be much harder to use. Do you just manually make new certificates with the CA in CLI?
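
What manually issuing certificates from an openssl mini-CA looks like on the command line, as an added example that is not part of the thread or any commenter's setup. The CA name `homelab-ca`, the file layout, the function names and the lifetimes are assumptions; the hostname is the one mentioned above.

```shell
#!/bin/sh
# Added example: mini-CA with the openssl CLI. CA name, file layout and
# lifetimes are assumptions. Usage after sourcing this file:
#   make_ca ./ca && issue_cert ./ca jellyfin.homelab.domain

make_ca() {  # $1 = directory that will hold the CA
    ca_dir=$1
    mkdir -p "$ca_dir"
    cat > "$ca_dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = homelab-ca
[v3_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    # ca.key can sign for any name on every device that imports ca.crt,
    # so it is created owner-readable only.
    ( umask 077 && openssl ecparam -name prime256v1 -genkey -noout -out "$ca_dir/ca.key" )
    openssl req -new -x509 -config "$ca_dir/ca.cnf" -key "$ca_dir/ca.key" \
        -sha256 -days 1825 -out "$ca_dir/ca.crt"
}

issue_cert() {  # $1 = CA directory, $2 = DNS name of the service
    ca_dir=$1; host=$2
    # Clients match the hostname against subjectAltName, not the CN.
    cat > "$ca_dir/$host.ext" <<EOF
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    ( umask 077 && openssl ecparam -name prime256v1 -genkey -noout -out "$ca_dir/$host.key" )
    openssl req -new -config "$ca_dir/ca.cnf" -key "$ca_dir/$host.key" \
        -subj "/CN=$host" -out "$ca_dir/$host.csr"
    openssl x509 -req -in "$ca_dir/$host.csr" -CA "$ca_dir/ca.crt" \
        -CAkey "$ca_dir/ca.key" -CAcreateserial -sha256 -days 90 \
        -extfile "$ca_dir/$host.ext" -out "$ca_dir/$host.crt"
}

verify_cert() {  # $1 = CA directory, $2 = certificate name, $3 = hostname to check
    openssl verify -CAfile "$1/ca.crt" -purpose sslserver \
        -verify_hostname "$3" "$1/$2.crt" >/dev/null 2>&1
}
```

Only `ca.crt` is imported into client trust stores; the service gets its own `.crt` and `.key`, and `ca.key` stays off the servers.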

[–] state_electrician@discuss.tchncs.de 3 points 2 years ago (1 children)

I've been doing home networking for many years now and the public domain + Cloudflare DNS + Let's Encrypt is the easiest it's ever been.

[–] N0x0n@lemmy.ml 1 points 2 years ago (1 children)

Can't argue against that.

However, I prefer local domain names accessible via Wireguard with self-signed certs. I like to understand how everything works under the hood!

Also, I'm broke AF and buying a domain name (even a cheap one) is out of my budget :(.

[–] qaz@lemmy.world 2 points 2 years ago* (last edited 2 years ago)

Numeric .xyz domains only cost $1 a year. They're not great for things like mail because they're often used by spammers (probably because of the price), but it's great for cheap signed DNS hostnames.

I point it to the server on my local network and use Wireguard to connect myself.