TLS certificates for internal services done right
3 hours ago
- #TLS
- #Networking
- #DNS
- Using split-horizon DNS allows the same domain to resolve to public or private IPs based on client connection.
- Setting up a WAF (e.g., via nginx) blocks traffic from public internet, adding security beyond DNS.
- Automating certificate renewal with acme.sh and cron jobs ensures ongoing TLS without manual intervention.
- Using SAN certificates enables multiple subdomains under one certificate, avoiding wildcard security risks.