this post was submitted on 16 Mar 2026
62 points (95.6% liked)

Selfhosted

57607 readers
1058 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
62
SSL certificates for things inside the lab (lemmy.zip)
submitted 16 hours ago by gblues@lemmy.zip to c/selfhosted@lemmy.world
24 comments fedilink hide all child comments
 

Hello everyone. Need some opinions here. Does it worth all the trouble to make things like jellyfin and immich run with HTTPS for services that are only accesible in the LAN? I ask it 'cause, as far as I know, there is no way to put a valid certificate like let's encrypt for a service that is not accessible from the net and I don't plan to buy a certificate for myself. But I have some trouble with the rest of my family having issue with their browsers complaining about the lack of https every time a browser is updated. So, what would be the best solution?

you are viewing a single comment's thread
view the rest of the comments
[–] versionc@lemmy.world 10 points 15 hours ago (1 children)

as far as I know, there is no way to put a valid certificate like let's encrypt for a service that is not accessible from the net

There definitely is. All of my local services run on a wildcard cert that I got from a DNS challenge with Let's Encrypt. As long as the reverse proxy can access whatever source is issuing the certificate, and as long as the client browser can access public certificate ledgers and has DNS info about your services, things will work just fine locally.

I recommend Netbird to give access to services to your family members, for access control and for the DNS server it provides. It also gives you the bonus of accessing your services remotely.

Feel free to ask if you have any questions.

[–] TheHolm@aussie.zone -1 points 14 hours ago (1 children)

Just do not use wildcard, very bad security practice. Getting individual cert for each service is easy these days.

[–] versionc@lemmy.world 4 points 14 hours ago (2 children)

Huh? Why?

[–] TheHolm@aussie.zone 2 points 8 hours ago

for start private keys should never leave the system which uses them. Wildcards are even worse, as if one host got compromised, all others can be spoofed.

[–] possiblylinux127@lemmy.zip 3 points 11 hours ago

Because a stolen cert can do a lot more damage

It is all about least privilege