Hi everybody,

I'm very new to omv+homelab and I need some tips about what solution could be better to deploy.

The problem is related to certificates for https services on my lan.

I've seen the letsencrypt approach but - if I've understood well - its main goal is to enable https connections from internet to my intranet, using duckdns for dns name.

In my case, I connect from outside (internet) to inside (lan) via a wireguard tunnel based on an external VPS... so I should have secured the connection in this way.

Remain the problem that, everytime I connect to a lan server of mine, using a self-signed certificate, I have to accept the risk etc etc... and of course this is boring.

Now, what can be done to solve this?

I think:

1. add the self-signed certificates to the browsers: I'm not sure it works, but I need effort to do this for every browser I use (pc, laptop, smartphones, tablet...)
2. using a private "internal" certification authority (but I think I have to add this a root CA into the browser, so I just moved the problem...), such as this dockered one, https://hub.docker.com/r/bitnami/ejbca/
3. or I can configure swag / letsencrypt / certbot to have certificates from an outside CA for internal server? Reversing the question: can these tools release a certificate for a server with private ip? Or I have to obtain certificates for publicip +duckdns name and those will be valid even if I connect to private ip/name? I think it is impossible, how they can "certificate" that... that's why I've started to evaluate the previous solution. Maybe I just have not understood well how letsencrypt and friends work
4. other easier and best solutions I have not tought about

Thanks in advice!

Thanks a lot!

I read it fast, but the step-by-step solution you describe is that in the point one of my previous message? I mean, this is a fast and easy solution and my analisys - in particolar about the fact that letsencrypt and friends cannot be used for lan - is correct?