How do you manage the distribution of internal TLS network certificates? I’m using cert-manager to generate them, but the root self-signed certificate expires monthly, which makes distribution to devices outside of K8s a challenge. It’s a PITA to keep doing this for the tablet, laptop and phones. I can bump the root cert to a year, but I’m concerned that the date will sneak up on me. Are there any automated solutions?

  • Lem453
    1 month ago

    DNS challenge with a reverse proxy is the answer. I’ve been doing this for a while now and it works great. Most other answers here are workarounds or not very robust.

    This is the way: https://youtu.be/liV3c9m_OX8

    I do this with Authentik for SSO.

    I have local-only things like Vaultwarden and external things like Seafile.
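
For the cert-manager setup described in the question, the DNS challenge suggested in the reply could look like the following. This is an added example, not configuration from either poster: it issues a publicly trusted wildcard certificate over ACME DNS-01, so internal hosts need no inbound exposure and client devices need no private root installed. Let's Encrypt as the CA, Cloudflare as the DNS provider, and every name, domain and e-mail address below are assumptions.

```yaml
# Assumed: the DNS zone is hosted at Cloudflare and a scoped API token
# (DNS edit on this zone only) is stored in the Secret "cloudflare-api-token".
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01            # hypothetical name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com         # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-dns01-account-key   # ACME account key, created by cert-manager
    solvers:
      - dns01:
          cloudflare:
            apiTokenSecretRef:
              name: cloudflare-api-token
              key: api-token
---
# Wildcard certificate for internal services; DNS-01 is the only ACME
# challenge type that can validate a wildcard name.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: internal-wildcard            # hypothetical name
  namespace: ingress                 # assumed namespace of the reverse proxy
spec:
  secretName: internal-wildcard-tls  # Secret the reverse proxy / ingress serves
  issuerRef:
    name: letsencrypt-dns01
    kind: ClusterIssuer
  dnsNames:
    - "home.example.com"             # placeholder domain
    - "*.home.example.com"
  # Let's Encrypt certificates are valid for 90 days; renew 30 days before expiry.
  renewBefore: 720h
```

cert-manager renews the certificate automatically and rewrites the Secret, so the expiry date that needs tracking moves from every client device to the cluster alone.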