Remix.run Logo
xorcist 2 hours ago

This is crazy. If you have a home network with a few internal services, or some sort of network where you don't control the endpoints, just use DNS validation. That's why it exists.

But on hosts you control, you should absolutely provision them with an identity and join the local CA. You're going to need it for a multitude of other reasons.

maqnius 42 minutes ago | parent [-]

Can you elaborate why one shouldn't use DNS validation for hosts you control in general?

xorcist 13 minutes ago | parent [-]

That's not it. If you have an internal network, where every host is provisioned by you, you already control identity.

In that case there's no need to validate anything as names, dns records, certificates and anything else should already be in place.

llama052 a minute ago | parent [-]

There's certainly something to be said for ease of use and not having to ensure you push trusted certs to every device that touches your internal network.

Unless you enjoy that sort of thing.