bananoidandroid

Its formally considered a flawed democracy. I do the same thing with my kids. If i want them to clean their room i'll just ask them "do you want to clean your room, or you want to do the dishes and take out the trash?" and they'll always go for cleaning their room because it feels like they are getting something out of the deal, it's less "nasty" and they have a sense of choice but realistically i win in both scenarios.

Thanks! I initially considered going the wildcard route until i saw the workload involved for my host! There does seem to exist autorenewal programs for the largest hosts out there but i'm trying to support my local businesses so it's unfortunately out of of my scope at the moment, but i'll checkout your suggestion and see what tailscale has to offer!

I've set up a reverse proxy to try out hosting a few APIs but i'm curious about best practice and haven't found any good way to do it. Anyway, i have them running dotnet 9 on debian, and hosting them on http ports and then reverse proxying to apache that serves them externally with certbot on 443 to some real hostnames. I would really want to host them on https internally as well, but is there a neat way to "cert" them without an internal CA-service? My experience with self-signed certs are mostly that they always force me to trust the server cert in my connection strings, which is also unsafe so i just don't bother. Is it worth working on and which is the best approach here?