this post was submitted on 08 Aug 2024
502 points (99.2% liked)

Selfhosted

60451 readers
679 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] solrize@lemmy.world 24 points 2 years ago (4 children)

Right, main point of my comment is that .internal is harder to use that it immediately sounds. I don't even know how to install a new CA root into Android Firefox. Maybe there is a way to do it, but it is pretty limited compared to the desktop version.

[–] cereals@lemmy.ml 8 points 2 years ago

You can't install a root CA in Firefox for android.

You have to install the cert in android and set Firefox to use the android truststore.

You have to go in Firefox settings>about Firefox and tap the Firefox logo for a few times. You then have a hidden menu where you can set Firefox to not use its internal trust store.

You then have to live with a permanent warning in androids quick setting that your traffic might be captured because of the root ca you installed.

It does work, but it sucks.

[–] lemmyvore@feddit.nl 6 points 2 years ago

This is not a new problem, .internal is just a new gimmick but people have been using .lan and whatnot for ages.

Certificates are a web-specific problem but there's more to intranets than HTTPS. All devices on my network get a .lan name but not all of them run a web app.

[–] Petter1@lemm.ee 1 points 2 years ago (1 children)

You do not have to install a root CA if you use let’s encrypt, their root certificate is trusted by any system and your requested wildcard Certificate is trusted via chain of trust

[–] solrize@lemmy.world 12 points 2 years ago

That's if you have a regular domain instead of.internal unless I'm mixing something. Topic of thread is .internal as if it were something new. Using a regular domain and public CA has always been possible.