Maybe this is more of a home lab question, but I’m utterly clueless regarding PKI and HTTPS certs, despite taking more than one class that goes into some detail about how the system works. I’ve tried finding guides on how to set up your own CA, but my eyes glaze over after the third or fourth certificate you have to generate.
Anyway, I know you need a public DNS record for HTTPS to work, and it struck me recently that I do in fact own a domain name that I currently use as my DNS suffix on my LAN. Is there a way I can get Let’s Encrypt to dole out a wildcard certificate I can use on the hosts in my LAN so I don’t have to fiddle with every machine that uses every service I’m hosting? If so, is there a guide for the brain dead one could point me to? Maybe doing this will help me grock the whole PKI thing.
You don’t need public DNS. You can use whatever domain you want if you use your own DNS server (though you should use one you own, or something under the .internal TLD).
Likewise, you can issue whatever certs you want if you trust the CA.
But LE does support wildcard certs. You can get them with certbot or other tools.
Personally I use traefik, which has LE support built in. It automatically gets an individual cert for each service. If you use caddy, I’m sure it has something similar.