Hasty Briefsbeta

Bilingual

TLS certificates for internal services done right

4 hours ago
  • #TLS
  • #Networking
  • #DNS
  • Using split-horizon DNS allows the same domain to resolve to public or private IPs based on client connection.
  • Setting up a WAF (e.g., via nginx) blocks traffic from public internet, adding security beyond DNS.
  • Automating certificate renewal with acme.sh and cron jobs ensures ongoing TLS without manual intervention.
  • Using SAN certificates enables multiple subdomains under one certificate, avoiding wildcard security risks.