overview for iggy

Cloudflare LE certificate management? in c/selfhosted@lemmy.world

[–] iggy@lemmy.world 3 points 1 month ago* (last edited 1 month ago) (1 children)

I'm not familiar enough with cloudflare proxy stuff. I just have my DNS pointed at my router external IP (and luckily my ISP doesn't reset my IP ever.) It sounds like CF has designed this intentionally as a profit center. Sorry couldn't be more help

Cloudflare LE certificate management? in c/selfhosted@lemmy.world

[–] iggy@lemmy.world 8 points 1 month ago (3 children)

This isn't a cloudflare limitation. It's a TLS limitation. It was a conscious decision not to support multi-level wildcards. You won't find a service that supports it. Most people get around this by just not using TLS certs like this. You can encode your multi-level name spacing in 1 level So instead of something like svc1.svcgroup.dev.domain.org You can do it like svcgroup-svc1.dev.domain.org

Never heard of a tool to get around this TLS limitation. There are tools that manage lots of certs (cert-manager in k8s comes to mind). If you had a more concrete example it might help people to suggest solutions.

ARM SBC Replacement for my k3s cluster in c/selfhosted@lemmy.world

[–] iggy@lemmy.world 4 points 1 month ago (1 children)

The only Radxa I'd bother with is the Rock 5 and for the price, I'd probably just go with rpi5 (unless you like to tinker... a lot). That's coming from someone that owns 3 Rock5's. The new Orion board looks interesting, but if it's like any other Radxa products it'll be 2+ years before it gets decent software support.