Antithetical

Alright, I’ll give you that… Welcome!

deleted by creator

Nobody has won, they’re just going to the store to get some lube…

Oh certificates are so much fun and you have so many options. From fairly easy to mindboggling complex.

Your current solution is OK if you keep in mind security implications of distributing certs using scripts.

It is not entirely clear where you do your tls-termination but it sounds like that is the Caddy reverse proxy so that is where your certs should be.

Placing them in a location like /etc/ssl/example_com/ as fullchain.pem and privkey.pem is probably easiest. Make sure access rights are appropriate. Then point Caddy at them and it should work. I have no experience with Caddy itself though. If Caddy runs in Docker be sure to map the certificates into the container.

Mind that in this scenario the certificates are only on the Caddy server, connections from the reverse proxy to the services is unencrypted over http. You can’t easily use the LE certificates on the services itself without some ugly split-horizon DNS shenanigans.

Alternatively you can set up a PKI with certificates for your services behind the reverse-proxy for internal encryption and do public tls termination in the proxy with Let’s Encrypt.

WSL(2) was not Microsoft “being good”. It was part of Embrace, Extend, Extinguish.

It was clear Linux won in the server world (not IIS). So why don’t you run this lovely Linux as an app in our nice safe OS where we can keep milking you.

NFS is easy as long as you use very basic access control. When you want NFSv4 with Kerberos auth you’re entering a world of pain and tears.

That AI bot must be saturated with break-up and “Delete Facebook, hit the gym!” advice…

Interesting, I’ve never heard about that… What is the difference?

How I read it is that they’ve reintroduced it in FF 139 and that you need to enable the third-party certificates to acces the client certificate in the Android cert. store. But the linked bugs in the later replies of my link mention a regression in FF 140+.

I do agree that this is still a horrible UX though. Sadly I don’t have the time currently to test it.

I was curious so I looked it up… But it should technically work on FF for Android, although there is a bug in the UI.

See:

• https://connect.mozilla.org/t5/ideas/allow-personal-certificates-in-firefox-mobile/idi-p/176

This is only true for the connection security. With mTLS you can also authenticate to the webapplication you’re trying to reach. So consider your use-case between vpn/mtls.

If you’re really out of options you can just brute-force it:

# grep -r 'old.home.lab' /etc

Or any other dir with configs…

It’s a sad state of affairs. I would pay for youtube in a heartbeat if it wasn’t connected to the biggest spyware company in the world. But now, even while paying you still get ads and they still track you. The people working at Alphabet are bad and should feel bad.

I always liked penguins and Tux… But that movie cemented penguins as my spirit animal :)

As I mentioned in another comment it plays quite well. At least with the Steam Index that I use. Most games seem to work out of the box. One thing that isn’t currently implemented is BT communication with the lighthouses which is a bit annoying but there are other apps and tools to workaround that.

I also run on Linux exclusively and I could play Half-Life Alex almost flawlessy on the Steam Index. And other VR games as well, including Beatsaber, Gorn, Walkabout Golf and many others. I’m really grateful to Valve and their Proton.

That is correct. There is both and Ing and Ir title that are Engineer. Ir for masters and Ing for higher education.

See Titels voeren.

Same for the Netherlands.

Yes, and that is where we enter the complicated territories…

I’m sorry, but have you ever needed to manage some certificates for a legacy system or something that isn’t just a simple public facing webserver?

Automation becomes complicated very quickly. And you don’t want to give DNS mutation access to all those systems to renew with DNS-01.