Can't you get certificates by doing DNS challenges and use those certificates internally? If you don't have to be completely airgapped, doing the DNS challenges shouldn't be too hard.
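As an added illustration of what a DNS challenge actually proves (not code from any commenter here): under ACME DNS-01 (RFC 8555 section 8.4) the CA hands out a token, the client derives a value from that token and the thumbprint of its account key (RFC 7638), publishes it in a TXT record at `_acme-challenge.<name>`, and the CA resolves the record and compares it with the value it computed itself. The JWK fields below are constructed placeholders, not a real key.

```python
"""Derive and check a DNS-01 TXT record value (RFC 8555 s8.4, RFC 7638)."""
import base64
import hashlib
import json

# Members that feed the JWK thumbprint, per key type (RFC 7638 s3.2).
_THUMBPRINT_MEMBERS = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as ACME requires everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    members = _THUMBPRINT_MEMBERS[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """token '.' thumbprint: binds this challenge to this ACME account key."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(token: str, jwk: dict) -> str:
    """The value published at _acme-challenge.<name>."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)


def txt_record_matches(published: str, token: str, jwk: dict) -> bool:
    """The CA's side: compare what DNS returned with what it expects."""
    return published == dns01_txt_value(token, jwk)


# Constructed placeholder account key and token (not real values).
EXAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "eHhYWFh4", "y": "eVlZWVl5", "alg": "ES256"}
EXAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

if __name__ == "__main__":
    print("_acme-challenge TXT:", dns01_txt_value(EXAMPLE_TOKEN, EXAMPLE_JWK))
```

Note that `alg` is ignored by the thumbprint, so the same key yields the same record value regardless of extra JWK members or their order.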
You could also manually install CA certificates on every client device, or you can tell users to live with the security warnings shown by browsers...
It is currently not possible to keep your internal network private and still have HTTPS without hacks or problems on standard end user devices.
It is my understanding that DNS challenges are discouraged and/or being deprecated due to the challenge results being less trustworthy than more stringent verification methods. There is also the operational overhead that arises as SSL certificate lifetimes shorten; it is my understanding that there is now a case being made for SSL certificate lifetimes shorter than 24 hours.