Firefox

17849 readers

72 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago

MODERATORS

On .LAN domains, how to stop firefox switching to https (when it's not available) and stop complaining about self-signed certificates when it is available ? (lemmy.ml)

submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]

25 comments fedilink hide all child comments

I'm just so annoyed of fighting this all the time.

If I can't figure this out I'm going to disable all https redirecting and all certificate errors off so I can have some peace

EDIT: I do not wish to manage certificates I do not want to setup private key infrastructure I don't want to use real internet domain names I don't want to manually install certificates into browsers after fishing them out of my ephemeral virtual machines

I just want to, add exception for *.lan for https auto redirect and auto-accept self-signed certificates as valid. This is not much to ask.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 4 points 1 month ago* (last edited 1 month ago) (1 children)

So you get a wildcard cert for the public domain, and only go one level deep on your LAN, reusing the wildcard cert? That's a pretty cool trick.

[–] [email protected] 6 points 1 month ago* (last edited 1 month ago)

I use a wildcard cert in some places, but most of them are individual certs. You can have multiple ACME DNS challenges on a single domain, for example _acme-challenge.first.int.example.com and _acme-challenge.second.int.example.com for first.int.example.com and second.int.example.com respectively.

The DNS challenge just makes you create a TXT record at that _acme-challenge subdomain. Let's Encrypt follows CNAMES and supports IPv6-only DNS servers, so I'm using some software called "acme-dns" to run a DNS server specifically for ACME DNS challenges. It's just listening on a IPv6 in one of my VPS /64 IPv6 range.