Hello everyone. Need some opinions here. Is it worth all the trouble to make things like jellyfin and immich run with HTTPS for services that are only accessible in the LAN? I ask because, as far as I know, there is no way to put a valid certificate like Let’s Encrypt for a service that is not accessible from the net and I don’t plan to buy a certificate for myself. But I have some trouble with the rest of my family having issues with their browsers complaining about the lack of HTTPS every time a browser is updated. So, what would be the best solution?

  • stratself@lemdro.id
    24 hours ago

    Look into the DNS-01 challenge where instead of exposing 80/443, you obtain a cert by creating a TXT record for your domain. This requires your ACME client to support talking to your DNS provider’s API. For certbot they’re installable via plugins; for lego-acme many providers are included.

    • starshipwinepineapple@programming.dev
      19 hours ago

      This is what I do. Have certbot running every night, and it’ll auto skip if it is too soon to renew. If renew is successful then it’ll deploy. Pretty much set and forget it.