I'm very new to omv+homelab and I need some tips about what solution could be better to deploy.
The problem is related to certificates for https services on my lan.
I've seen the letsencrypt approach but - if I've understood well - its main goal is to enable https connections from internet to my intranet, using duckdns for dns name.
In my case, I connect from outside (internet) to inside (lan) via a wireguard tunnel based on an external VPS... so I should have secured the connection in this way.
Remain the problem that, everytime I connect to a lan server of mine, using a self-signed certificate, I have to accept the risk etc etc... and of course this is boring.
Now, what can be done to solve this?
- add the self-signed certificates to the browsers: I'm not sure it works, but I need effort to do this for every browser I use (pc, laptop, smartphones, tablet...)
- using a private "internal" certification authority (but I think I have to add this a root CA into the browser, so I just moved the problem...), such as this dockered one, https://hub.docker.com/r/bitnami/ejbca/
- or I can configure swag / letsencrypt / certbot to have certificates from an outside CA for internal server? Reversing the question: can these tools release a certificate for a server with private ip? Or I have to obtain certificates for publicip +duckdns name and those will be valid even if I connect to private ip/name? I think it is impossible, how they can "certificate" that... that's why I've started to evaluate the previous solution. Maybe I just have not understood well how letsencrypt and friends work
- other easier and best solutions I have not tought about
Thanks in advice!