• 0 Posts
  • 2 Comments
Joined 1Y ago
cake
Cake day: Dec 01, 2023

help-circle
rss

You don’t have to make the public domain, well, public. You can not hook up any DNS records for it, so externally it won’t resolve anywhere and just use internal DNS.


I’d just buy a single domain, it’s like £5 a year and use a letsencrypt wildcard and have it auto renew via DNS challenges. Very easy. You can do what you’re doing with letsencrypt, but you’ll have to set up HTTP challenges for each sub domain, or DNS challenges for each sub domain. Obviously doable, but more work.

Doing it without letsencrypt and just doing it privately? I dunno if I’d bother with that, firstly you’ll have to go through the hassle of making sure any browser and computer that connects to it has the root cert of the private CA, or you’ll get self signed errors, which is a faff. I’d honestly just pay the £5 or so a year, you’ll spend more time (and time is ultimately money) doing it without it.