How do you manage the distribution of internal TLS network certificates? I’m using cert-manager to generate them, but the root self-signed certificate expires monthly, which makes distribution to devices outside of K8s a challenge. It’s a PITA to keep doing this for the tablet, laptop and phones. I can bump the root cert to a year, but I’m concerned that the date will sneak up on me. Are there any automated solutions?
I started watching the video. I was not aware that Let’s Encrypt supported wildcard certificates. Does this mean that your internal network uses the same domain name as your externally-hosted services?
Yes.
Vaultwarden.local.example.com and Jellyfin.example.com
This is the best and most robust way to do this