by ozim 171 days ago
Just wait a bit and there will be some TLS denialism spawning here.

For a lot of stuff on my local network I don’t want the hassle and there are loads of use cases in local networks for normal people to just have port 80 no certs on something like 192.x.x.x because there is no easy way to set up public certificates for that and I don’t want everything hosted on cloud - some stuff I want to still host for myself in my local network.

Corporations or companies should not do that - even internal networks should have proper certs and encryption but it also is not that easy.

Stuff sent over the internet for others to see should have TLS always because you don’t know where your packets travel.

2 comments

> For a lot of stuff on my local network I don’t want the hassle and there are loads of use cases in local networks for normal people to just have port 80 no certs on something like 192.x.x.x because there is no easy way to set up public certificates for that and I don’t want everything hosted on cloud - some stuff I want to still host for myself in my local network.

Tbh I don't see what's hard about this. All you need is an A record pointing to your 192.x.x.x, acme capable dns host and a modern reverse proxy. You can even use a free ddns service if you want. Wouldn't bother with this for development, but anything hosted for longer than a few days absolutely yes. Imo not getting browser warnings is alone worth the few minutes it takes nowadays.

“All you need is an A record pointing to your 192.x.x.x, acme capable dns host and a modern reverse proxy”. That’s a LOT more than socket(), listen(), and accept().
> All you need is an A record pointing to your 192.x.x.x, acme capable dns host and a modern reverse proxy

And to distribute keys that allow those appliances to update the DNS records, to secure those keys, have a way to install those keys (and update/rotate them), and make sure your DNS host is supported by your acme client.

XD

I can, yeah, it is easy, but I have 20 years of experience.

I don’t want to spend time setting that up.

For less technically capable people you just lost them in the first sentence.

> For a lot stuff on my local network I don’t want the hassle […] because there is no easy way to set up public certificates

Everything on my home network uses publicly-trusted certs from LE, including my router with only 8MB of flash and 128MB of memory. You need to use the DNS challenges if you don't want the services to be publicly accessible, but you can run ACME on nearly everything these days.
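The two replies recommending an A record for the private address, an ACME-capable DNS host and DNS challenges describe a setup without showing what the DNS host is actually asked to do. The following Python script is an added example, not code from the thread or from any ACME client: it computes the TXT record an ACME client must publish for a DNS-01 challenge as defined in RFC 8555 (key authorization in section 8.1, DNS-01 in section 8.4, account key thumbprint per RFC 7638) and shows why an A record pointing at 192.168.x.x is no obstacle. It also handles wildcard names, which the thread does not mention. The account key, token and hostnames are constructed values.

```python
"""Added example (not from the thread): what an ACME DNS-01 challenge asks a
DNS host to publish, and why the A record may point at a private address.
The JWK, token and hostnames below are constructed for illustration."""
import base64
import hashlib
import ipaddress
import json


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding ACME/JWS uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over only the required JWK members,
    serialized with keys in lexical order and no whitespace."""
    required = {
        "RSA": ("e", "kty", "n"),
        "EC": ("crv", "kty", "x", "y"),
    }[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_record(identifier: str, token: str, account_jwk: dict) -> tuple:
    """Return (TXT record name, TXT record value) for a DNS-01 challenge.

    key authorization = token + "." + thumbprint(account key)   (RFC 8555 8.1)
    TXT value         = base64url(SHA-256(key authorization))   (RFC 8555 8.4)
    For a wildcard identifier the leading "*." is dropped, so
    *.home.example.com is validated at _acme-challenge.home.example.com.
    """
    name = identifier[2:] if identifier.startswith("*.") else identifier
    key_authz = f"{token}.{jwk_thumbprint(account_jwk)}"
    value = b64url(hashlib.sha256(key_authz.encode("ascii")).digest())
    return f"_acme-challenge.{name}", value


def is_private_address(ip: str) -> bool:
    """True for RFC 1918 / IPv6 ULA addresses. A LAN host's A record can
    point here: with DNS-01 the CA only looks up the TXT record and never
    connects to the service itself."""
    return ipaddress.ip_address(ip).is_private


if __name__ == "__main__":
    # Constructed account key: "n" is not a real RSA modulus.
    demo_jwk = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus-not-a-real-key"}
    demo_token = "constructed-token-0123456789abcdef"  # constructed challenge token
    for host in ("nas.home.example.com", "*.home.example.com"):
        rec_name, rec_value = dns01_record(host, demo_token, demo_jwk)
        print(f"{host}: publish TXT {rec_name} = {rec_value}")
    print("192.168.1.10 private:", is_private_address("192.168.1.10"))
```

The record name returned by `dns01_record` is the only thing the DNS host has to accept a write for, which is the credential the "secure those keys" reply in the thread is worried about: the ACME client needs a DNS API token that can create and delete that TXT record, and that token is worth protecting and rotating like any other secret. The value is derived from the account key, so a DNS record copied from another account's challenge is useless to a third party.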

Neat part is that’s my local network and I don’t want to spend time doing that.

I’d much rather spend time arguing about it on HN.

That’s the neat part of “it is my time” and I want to use it the way I want.

It doesn’t apply to stuff I publish over the internet; all personal pages and blogs have HTTPS, that’s not negotiable.

Fair enough. The only reason that I bothered setting up HTTPS certificates in my home network was because I was using a domain where I had previously enabled HSTS. I wasn't very enthusiastic about it when I first added the certificates, but once I figured it out, I appreciated seeing a little padlock when I logged in to my router. That's essentially the only benefit though, so I certainly don't blame you for not wanting to go through the effort to set it up.