I’m relatively unfamiliar with PKI generally and the specifics of the Let’s Encrypt implementation in FBX. I was wondering if there was a way I could have FBX obtain certs, but keep the certs limited to a specific host, and not for the entire domain? I wanna test various apps on my Pioneer, but I may not want it to be “the master of certs” for the domain.
I may want/need certs/PKI on other hosts within the domain. Maybe this isn’t a big deal, and other hosts can easily “tap into” whatever FBX/Let’s Encrypt sets up?
Let’s Encrypt can provide multiple certificates for the same domain (in case one is lost, I suppose), but the certbot tool is tuned to handle one certificate for one domain. FreedomBox’s code handles certificates the same way.
If you wish to play around with special certificates for specific apps (or for hosts on the local network), then subdomains are the way to go. If you own a domain by purchasing a name with a domain registrar or by having a free domain from ddns.freedombox.org, then you can have an unlimited number of subdomains. See FreedomBox/Guide/ExposeLocalService - Debian Wiki for information on how to set up subdomains. This guide also talks about setting up a TLS certificate on FreedomBox while forwarding unencrypted traffic to another host hosting a service on the network.