this post was submitted on 02 Dec 2025
460 points (98.9% liked)
Selfhosted
60451 readers
877 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil.
-
No spam.
-
Posts are to be related to self-hosting.
-
Don't duplicate the full text of your blog or readme if you're providing a link.
-
Submission headline should match the article title.
-
No trolling.
-
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Why can't you just have a long lived internally signed cert on your archaic apps and LE at the edge on a modern proxy? It's easy enough to have the proxy trust the internal cert and connect to your backend service that shouldn't know the difference if there's a proxy or not.
Or is your problem client side?
That’s actually a really good idea. I’m not the person you replied to, but I’m taking notes.
One such app I can think of would be a client side issue. If the public cert doesnt match the back end private cert it will sever the connection and mark it as insecure. Hopefully I won't need to deal with it much longer though.
I just heard back from my other team that "this project sounds great for your team" even though they manage many of their own apps and certificates. Perhaps I should just let them burn then!