I've been using a slightly different approach which skips the mkcert step. I really need to write a blog post, but roughly:

- register a subdomain on getlocalcert.net
- save credentials
- create Let's Encrypt certificate with cert-manager

Since Let's Encrypt is a trusted CA, there is no need for mkcert.

https://github.com/robalexdev/getlocalcert-client-tests/tree/main/examples%2Fcert-manager
Related, I also saw this project a little while ago: https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi-yubikey/

Which looks quite interesting to have HTTPS for my internal-only pages without needing to deal with an external service, although you have to be very careful to set up your certs correctly with "Name Constraints" (https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.10) to avoid the risk of someone being able to MitM *everything* if they're able to get in and start issuing themselves certificates.
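
The Name Constraints point in the comment above, as an added example that is not part of the thread: a standard-library Python model of the RFC 5280 §4.2.1.10 matching rules for dNSName and iPAddress subtrees, showing which subjectAltName entries a constrained private CA can and cannot get accepted. The zone `lan.example`, the sample names and all function names are assumptions made for illustration.

```python
import ipaddress

def dns_in_subtree(name, base):
    # RFC 5280 dNSName rule: the base itself, or the base with zero or more
    # labels added on the left. "evillan.example" is not under "lan.example".
    name, base = name.lower().rstrip("."), base.lower().rstrip(".")
    return name == base or name.endswith("." + base)

def ip_in_subtree(addr, cidr):
    # iPAddress constraints are address ranges; mixed v4/v6 never match.
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

MATCHERS = {"DNS": dns_in_subtree, "IP": ip_in_subtree}

def check_san(kind, value, permitted, excluded=()):
    """Return (allowed, reason) for one subjectAltName entry.

    permitted/excluded are (kind, subtree) pairs from the CA's nameConstraints.
    """
    match = MATCHERS[kind]
    for k, subtree in excluded:  # exclusions always win
        if k == kind and match(value, subtree):
            return False, f"excluded by {k}:{subtree}"
    same_kind = [s for k, s in permitted if k == kind]
    if not same_kind:
        # A permitted list only restricts the name forms it mentions.
        return True, f"no permitted {kind} subtree: {kind} names unconstrained"
    for subtree in same_kind:
        if match(value, subtree):
            return True, f"permitted by {kind}:{subtree}"
    return False, f"outside every permitted {kind} subtree"

def check_cert(sans, permitted, excluded=()):
    # Every SAN must pass, otherwise path validation rejects the certificate.
    return all(check_san(k, v, permitted, excluded)[0] for k, v in sans)

# Constructed sample constraints for a home CA (names are placeholders).
PERMIT_DNS_ONLY = [("DNS", "lan.example")]
EXCLUDE_ALL_IPS = [("IP", "0.0.0.0/0"), ("IP", "::/0")]

if __name__ == "__main__":
    sans = [("DNS", "wiki.lan.example"), ("DNS", "evillan.example"),
            ("DNS", "bank.example"), ("IP", "203.0.113.10")]
    for san in sans:
        print(san, "DNS-only:", check_san(*san, PERMIT_DNS_ONLY),
              "| with IP exclusion:",
              check_san(*san, PERMIT_DNS_ONLY, EXCLUDE_ALL_IPS))
```

The IP row is the gap to notice: a DNS-only permitted list leaves IP SANs unconstrained until the IP ranges are excluded as well.
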
Hello folks!

Thought I'd share some insights into how I set up test frameworks using cert-manager for generating self-signed certificates. And then making them locally trusted using mkcert for easy install.

I think it's neat, but it does have its caveats as everything I suppose. :)

Thanks!
It's worrying that this is considered minimal pain in the k8s world. It's not a ding, it's a sign that it's not a platform to be taken or used on a whim but with serious considerations about time involved.
I had to generate a bunch of these at work, because reasons, and I found out that you can use Caddy to do this by including `tls internal` in your Caddyfile.

The first time you install it, it will prompt you to install the root cert.