Unfortunately, some apps require the certificate to be bound to the internal application, and this has to be done through the CLI or other methods that aren't easily automated. We could front-load it over a reverse proxy, but we would still need to take the proxy cert and bind it to the internal service for communication to work properly. Thankfully that's for my other team to figure out, as I already have a migration plan for the systems I manage.
Zanathos
They are going down to 200-day expiration in March 2026. You can still buy 5-year certificates today, but you still need to reissue them on a 365-day cadence.
I'm in the same boat here. I keep sounding the alarm and am making moves so that MY systems won't be impacted, but it's not holding water with the other people I work with and the systems they manage. I'm torn between manual intervention to get it started or just letting them deal with it themselves once we hit 45-day renewal periods.
While I agree for my personal use, it's not so easy in an enterprise environment. I'm currently working to get services that use public certificates migrated OFF my servers, to avoid the headache of manual intervention every 45 days.
While this is possible for servers and services I manage, it's not so easy for other software stacks we have in our environment. Thankfully I don't manage them, but I'm sure I'll be pulled into them at some point or another to help figure out the best path forward.
The easy path is obviously a load-balanced front end to hold the certificate, but many of these services are specialized and have very elaborate ways to bind certificates to services outside of IIS or Apache, and those would need to trust the newly issued load balancer certificate every 47 days.
The thing looks like a suicide pod, and drowning is one of my biggest fears. It also costs about as much as the house I'm still paying off. I am not the target demographic for this.
Welcoming the incoming downvotes for correcting your comment, just like the many similar comments and posts I've seen on Reddit, but this is purely a configuration issue.
Transcoding on the local network is allowed without a subscription. If you are running your own DNS server (like Pi-hole or Unbound), you need to configure an internal "plex.direct" record. You also need to uncheck the "treat your WAN IP as internal" option, which corrects double-NAT issues.
I have yet to see a need to move away from Plex. I paid for the cheap lifetime sub over a decade ago at this point, and everyone I invite to my server has no complaints and has not had to pay Plex a dime. I don't use their plex.tv proxy; I connect directly to my own IP and leave their remote proxy option off in the server, and everything works great.
I will check out Jellyfin at some point if Plex makes things more difficult in time, but for now these articles are literally just rage bait in the homelab ecosystem. They enacted this back in April 2025 already!
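The plex.direct step in the comment above is worth seeing mechanically. As an added example (my code, not the commenter's and not anything published by Plex), the script below assumes the plex.direct naming scheme where the server's IPv4 address is embedded in the hostname with dashes in place of dots, followed by a per-server token; the sample hostnames and tokens are constructed for illustration. A LAN server's name therefore resolves a public domain to a private address, which is exactly the pattern DNS-rebinding protection in Pi-hole/dnsmasq and Unbound refuses to return, so "Pi-hole can't find the local server" shows up as a forced remote/transcode path or a failed connection. The `rebind-domain-ok` (dnsmasq) and `private-domain` (Unbound) lines are the directives I would use to exempt the domain; treat the exact syntax as an assumption to check against your resolver's manual.

```python
import ipaddress
import re
from typing import Dict, Optional

# Constructed sample hostnames in the plex.direct style: IPv4 with dashes,
# then a per-server token, then the suffix. Tokens are made up.
SAMPLE_HOSTNAMES = [
    "192-168-1-50.0123456789abcdef0123456789abcdef.plex.direct",  # LAN server
    "1-2-3-4.0123456789abcdef0123456789abcdef.plex.direct",       # public IP
    "10-0-0-5.fedcba9876543210fedcba9876543210.plex.direct",      # LAN server
]

_PLEX_DIRECT_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:-\d{1,3}){3})\.(?P<token>[0-9a-f]+)\.plex\.direct$"
)


def embedded_ip(hostname: str) -> Optional[ipaddress.IPv4Address]:
    """Return the IPv4 address encoded in a plex.direct hostname, or None
    when the name does not follow that layout or the octets are invalid."""
    m = _PLEX_DIRECT_RE.match(hostname.lower().rstrip("."))
    if not m:
        return None
    try:
        return ipaddress.IPv4Address(m.group("ip").replace("-", "."))
    except ipaddress.AddressValueError:
        return None


def blocked_by_rebind_protection(hostname: str) -> bool:
    """True when a rebind-protecting resolver would drop the answer.

    Rebind protection refuses answers in which an external name resolves to
    a private/loopback/link-local address. Python's is_private is slightly
    broader than dnsmasq's list (it also covers the RFC 5737 test nets), which
    is close enough for deciding whether an exemption is needed.
    """
    ip = embedded_ip(hostname)
    return ip is not None and ip.is_private


def resolver_exception_lines(domain: str = "plex.direct") -> Dict[str, str]:
    """Config lines that exempt one domain from rebind protection.

    Assumed syntax: dnsmasq/Pi-hole 'rebind-domain-ok', Unbound
    'private-domain'. Scoping the exemption to plex.direct keeps protection
    in place for every other domain.
    """
    return {
        "dnsmasq": f"rebind-domain-ok=/{domain}/",
        "unbound": f'private-domain: "{domain}"',
    }


if __name__ == "__main__":
    for host in SAMPLE_HOSTNAMES:
        ip = embedded_ip(host)
        verdict = "blocked" if blocked_by_rebind_protection(host) else "answered"
        print(f"{host}\n  -> {ip}  ({verdict} by rebind protection)")
    print("\nExemption lines:")
    for resolver, line in resolver_exception_lines().items():
        print(f"  {resolver}: {line}")
```

Running it shows the two LAN names would be blocked while the public one is answered; the exemption lines are what you add to the resolver (dnsmasq/Pi-hole custom config or the Unbound server block) rather than hand-writing a record per server, since the token part of the name changes per server.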
It's always DNS
I've already found recent emails in my Gmail account from right-leaning news sources that I've had to opt out of. I'd been lax on my Gmail management until last year, when I went on a major cleanup spree, so I know these new emails were automatically added somehow, and this article likely explains it.
It does take quite a bit of upkeep, especially if you don't use it frequently. I recently found my instance broken due to a bad add-on, and then Authelia also broke because NC decided their OIDC add-on is not supported on the latest v32. I was able to re-enable it without issue, but it's still flagged as unsupported.
Sounds like I'm talking myself into Immich already haha.
The issue for me is that Nextcloud has these features as well with app add-ons. I have yet to try Immich, because what's more important to me is the actual backup/upload of my photos rather than browsing them. Maybe someday, but my self-hosting initiatives typically involve me chasing the shiny red ball of a deployment, and Immich just isn't shiny enough for me yet.
I recently set up quite a few friends and family with Windows 10 IoT Enterprise licenses thanks to MassG. Told them if they don't get updates past next Tuesday to let me know.
One such app I can think of would be a client-side issue. If the public cert doesn't match the back-end private cert, it will sever the connection and mark it as insecure. Hopefully I won't need to deal with it much longer, though.
I just heard back from my other team that "this project sounds great for your team," even though they manage many of their own apps and certificates. Perhaps I should just let them burn, then!