this post was submitted on 23 Oct 2023
Self-Hosted Main
Certificate transparency logs play a vital role so you can't remove any information from it. They let everybody (including you) verify that the certificates are genuine, and they keep certificate authorities honest.
If the part that's bothering you is that your subdomains are known, the solution is to get wildcard certs then replace all the former subdomains with new ones that don't appear in the log.
If the part that's bothering you is simply that old domain names are still resolved, the trick is to not get wildcard DNS records. The certs should be issued for a wildcard (*.domain.tld) but the actual subdomains should be defined explicitly (CNAME example.domain.tld -> domain.tld but not CNAME *.domain.tld -> domain.tld); otherwise all the previously defined subdomains will keep working.
I think most of us have been through this, myself included. Not only did I define subdomains before learning about logs and wildcards, I also had domains that were used at some point with freedns.afraid.org and had random people issue certs for various subdomains, and all of that is now in the transparency logs.
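The wildcard-DNS point in the comment above can be checked against your own zone. This is an added example, not part of the original comment: it reports which hostnames already disclosed in certificate transparency logs would still resolve, and whether a wildcard record is the reason. The logged names, the zone contents, and the `match` and `still_resolving` helpers are all constructed for illustration.

```python
# Added example; every name and record here is constructed sample data.
CT_LOGGED = ["old-app.domain.tld", "vault.domain.tld",
             "example.domain.tld", "*.domain.tld"]

WILDCARD_DNS = {"domain.tld": ("A", "192.0.2.10"),
                "*.domain.tld": ("CNAME", "domain.tld")}
EXPLICIT_DNS = {"domain.tld": ("A", "192.0.2.10"),
                "example.domain.tld": ("CNAME", "domain.tld")}


def match(name, zone):
    """Return 'explicit', 'wildcard' or None for how `name` resolves in `zone`.

    Simplified RFC 4592 lookup: ignores empty non-terminals and delegations.
    """
    name = name.lower().rstrip(".")
    if name in zone:
        return "explicit"
    labels = name.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if "*." + parent in zone:
            return "wildcard"      # wildcard directly under the closest encloser
        if parent in zone:
            return None            # closer existing name blocks higher wildcards
    return None


def still_resolving(ct_names, zone):
    """Map each logged hostname that still resolves to the reason it does."""
    hits = {}
    for name in ct_names:
        if name.startswith("*."):
            continue               # a wildcard cert entry discloses no hostname
        how = match(name, zone)
        if how:
            hits[name] = how
    return hits


if __name__ == "__main__":
    for label, zone in (("wildcard DNS", WILDCARD_DNS),
                        ("explicit DNS", EXPLICIT_DNS)):
        print(label, still_resolving(CT_LOGGED, zone))
```

With the wildcard DNS record every logged name still answers; with explicit records only `example.domain.tld` does, which makes it the one name left to rename.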