All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Best practices for TLS certificate management on internal services

A technical guide on best practices for managing TLS certificates for internal services. The article argues against using self-signed certificates (which cause browser errors and headaches) and instead recommends using a public CA (like Let's Encrypt) with DNS-01 challenges for internal services, combined with proper domain management using either ICANN-restricted private TLDs (like .internal) or owned public apex domains. It walks through practical setup examples for services like Grafana, covering DNS configuration, certificate issuance, and automation to avoid common pitfalls.

Jakub Kołodziejczak2h ago7 min readen
Read on tuxnet.dev

Key quotes

Let's start with a simple example — we have a server which hosts bunch of HTTP services.
We use top-level domain restricted by ICANN for private use — e.g. .internal.
We use a public apex domain that we own — e.g. tuxnet.dev

From the article

No self-signing headaches, no TLS erros.
Continue reading on tuxnet.dev

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.