this post was submitted on 23 Oct 2023

Morning,

So when I first started homelabbing, I didn't use my wildcard certs due to me not fully understanding Traefik's implementation of Let's Encrypt. Does anyone know how to remove my registered SSL certs from being publicly viewed, for example using https://crt.sh/?

[–] GolemancerVekk@alien.top 1 points 1 year ago

Certificate transparency logs play a vital role, so you can't remove any information from them. They let everybody (including you) verify that the certificates are genuine, and they keep certificate authorities honest.

If the part that's bothering you is that your subdomains are known, the solution is to get wildcard certs, then replace all the former subdomains with new ones that don't appear in the log.

If the part that's bothering you is simply that old domain names are still resolved, the trick is to not get wildcard DNS records. The certs should be issued for a wildcard (*.domain.tld) but the actual subdomains should be defined explicitly (CNAME example.domain.tld -> domain.tld but not CNAME *.domain.tld -> domain.tld); otherwise all the previously defined subdomains will keep working.

I think most of us have been through this, myself included. Not only did I define subdomains before learning about logs and wildcards, I also had domains that were used at some point with freedns.afraid.org and had random people issue certs for various subdomains, and all of that is now in the transparency logs.
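
A way to check your own domain against the advice in the comment above, as an added example that is not part of the original thread: it takes crt.sh-style JSON for a domain you control plus your zone's record names, and reports which logged names still resolve and whether a wildcard DNS record is keeping retired names alive. The sample log entries, zone contents and function names are constructed for illustration; `name_value` is the crt.sh JSON field that holds a certificate's names, one per line.

```python
import json

# Constructed sample shaped like crt.sh JSON output; domain.tld is a placeholder.
CRTSH_JSON = json.dumps([
    {"name_value": "cloud.domain.tld", "not_before": "2023-01-10T00:00:00"},
    {"name_value": "git.domain.tld\nwiki.domain.tld", "not_before": "2023-02-01T00:00:00"},
    {"name_value": "*.domain.tld\ndomain.tld", "not_before": "2023-09-15T00:00:00"},
])

# Constructed zone: record name -> record type. No "*.domain.tld" entry here.
ZONE = {"domain.tld": "A", "cloud.domain.tld": "CNAME", "media-x7.domain.tld": "CNAME"}


def logged_names(crtsh_json, apex):
    """Return (explicit subdomains in the log, whether a wildcard cert was logged)."""
    names, wildcard = set(), False
    for entry in json.loads(crtsh_json):
        for name in entry["name_value"].lower().split("\n"):
            name = name.strip().rstrip(".")
            if name == "*." + apex:
                wildcard = True
            elif name.endswith("." + apex):
                names.add(name)
    return names, wildcard


def resolves(name, zone, apex):
    """True if the zone answers for name, explicitly or via a wildcard record.
    Simplified: ignores the closest-encloser details of RFC 4592."""
    return name in zone or ("*." + apex) in zone


def audit(crtsh_json, zone, apex):
    exposed, wildcard_cert = logged_names(crtsh_json, apex)
    return {
        "wildcard_cert_issued": wildcard_cert,
        "wildcard_dns_record": ("*." + apex) in zone,
        # Logged names that still work: candidates for renaming.
        "exposed_and_live": sorted(n for n in exposed if resolves(n, zone, apex)),
        "exposed_but_retired": sorted(n for n in exposed if not resolves(n, zone, apex)),
        # Names in the zone that never appeared in the log.
        "private_names": sorted(n for n in zone if n not in exposed
                                and n != apex and not n.startswith("*.")),
    }


if __name__ == "__main__":
    print(json.dumps(audit(CRTSH_JSON, ZONE, "domain.tld"), indent=2))
```

Adding a `*.domain.tld` record to the zone moves every logged name back into `exposed_and_live`, which is the situation the comment warns about.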