TLS Certificate
WHB usually listens on 127.0.0.1.
It is normally impossible to obtain a valid signed certificate for that address.
A common workaround is to point a (sub-)domain A record at 127.0.0.1 and obtain a certificate for that name,
e.g. local.tiger-workshop.com points to 127.0.0.1.
Requirement: Domain name with access to DNS
Pros: Free, easy
Cons: Certificate is only valid for 90 days
You can create a certificate with the letsencrypt/certbot command using the DNS-01 method.
Example: letsencrypt -d local.tiger-workshop.com --manual --preferred-challenges dns certonly
Requirement: Domain name and $$$
Pros: Valid for 365 days or longer
Cons: $$$, requires more manual work
Follow any instructions online to obtain your key and certificate.
Example: https://www.digicert.com/csr-creation.htm
Hey, you already own a domain. Why don't you purchase a certificate and ship it with this application?
Because shipping a private key with an application is considered a form of "key compromise".
The certificate will be revoked by the CA. This is very easily detected, especially for open-source projects.
Read more: https://letsencrypt.org/docs/certificates-for-localhost/
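Since the Let's Encrypt certificate described above is only valid for 90 days, it helps to check the installed file before it lapses. The script below is an added example, not part of WHB: the hostname `local.example.test` and the file names are placeholders, and the sample certificate is a constructed self-signed one so the check can be tried offline (it assumes OpenSSL 1.1.1 or later).

```shell
#!/usr/bin/env bash
# Added example: pre-renewal check for the certificate WHB serves on 127.0.0.1.
# Hostnames and file paths are placeholders, not taken from the project.

# check_local_cert CERT_PEM HOSTNAME MIN_DAYS
# Returns 0 if the certificate covers HOSTNAME and stays valid for MIN_DAYS,
# 1 if it expires sooner, 2 if the hostname is not covered, 3 if unreadable.
check_local_cert() {
    local cert="$1" host="$2" min_days="$3"

    # Reject anything that is not a parseable X.509 certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null || return 3

    # -checkhost always exits 0, so the verdict has to be read from its output.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" \
            | grep -q "does match certificate"; then
        return 2
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
        || return 1
    return 0
}

# Constructed sample input: a self-signed certificate with a 90-day lifetime,
# standing in for the Let's Encrypt one so the check can be tried offline.
make_sample_cert() {
    local dir="$1" host="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" 2>/dev/null
}

demo() {
    local dir; dir="$(mktemp -d)"
    make_sample_cert "$dir" local.example.test
    check_local_cert "$dir/cert.pem" local.example.test 30
    echo "30-day check exit code: $?"
    rm -rf "$dir"
}
demo
```

Run `check_local_cert` from a scheduled job against the real certificate file and treat exit code 1 as the signal to repeat the DNS-01 issuance.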