shiftymccool

You're right, I'm using the cloudflare DNS challenge to get let's encrypt certs. I'm definitely hitting traefik. I'm testing by turning the Wi-Fi on my phone off/on and opening the page after. I get the same cert every time but it's not trusted when on Wi-Fi. This makes sense since it's the origin server cert which is meant to encrypt traffic between my server and cloudflare. To add more certainty, when Wi-Fi is on, a traceroute shows only one hop to my server and shows a bunch of hops when it's off.

Barring any Traefik tricks that allows me to accomplish what I'm after, I was thinking of going with your "third" option of just letting it use Cloudflare for everything but, I had to check with the experts first before just doing it.

I have some apps that complain or, in one case, flat out doesn't work if the cert is invalid. I've been working around it (sort of) but it would be nice to have it set up "correctly" for once. If routing all traffic through Cloudflare is the answer, so be it ¯_(ツ)_/¯

If I use the Cloudflare origin server certs, the browser shows insecure and the message is "certificate not trusted" which is the same message as self-signed, if I'm not mistaken. I'm not sure what other details are relevant as I'm still new-ish to the networking portion of this home server thing. I'm happy to answer any questions if you suspect something.

I'm not using self-signed anymore, I'm getting them from Cloudflare via DNS challenge

Candied Windows

My guess is they're referring to these release posts with zero detail.

"KelmRigger new release!" means nothing to anybody that's never heard of it. At least add a sentence to say what it is rather than make everyone go look it up.

Kvaesitso, it's unique and open source

I needed something dead-simple to keep homelab documentation. If it's not simple, I probably wouldn't keep up with changes. I landed on An Otter Wiki https://github.com/redimp/otterwiki