I have a single Nginx setup which is the frontend for all my web services. So I only need to deploy it there (and to its HA partner). My renewal script just scp’s it to the secondary and does an nginx -s reload on both.

I do generate separate certs/keys for my non-web servers, but there’s only two of those.

You could also, if you wanted, just generate one cert and distribute it and its key to everything with a script or other automation tool (Ansible is what I used to use).

Is there a way I can get Let’s Encrypt to dole out a wildcard certificate

Yep. Just specify the domains yourdomain.com and *.yourdomain.com in the certbot request. Wildcard domains require the DNS-based challenge, but you’ve said you’re already good there. You don’t technically need the apex domain (yourdomain.com) but I always add it since I do have services running there.

Any subdomains under the wildcard can use internal DNS or internal IPs on the public DNS (I do the former, but the latter works too).

I used to run an internal CA, and it wasn’t too hard to setup a CA and distribute my root cert. Except on mobile devices. On Android it was easy, but there was a persistent warning that my network traffic could be intercepted (which is true when there’s a custom root cert installed), but it since it was my cert, it got annoying seeing that all the time. Not sure if Apple devices can even do that, but regardless, it wasn’t practical for friends who wanted to use my self-hosted services to install a custom cert when they were over.

Yes!

I was really hoping you’d edited the subtitle to have him say “Nice Beverly” lol

Among many reasons, this is in the top 5 of why I reject “AI”.

I was always a fan of Admiral Clancy:

It’s fine. She actually earned it. lol

I’m content being the best admiral Starfleet could have had if they weren’t a bunch of sticklers for the rules. They’re all like “You can’t be an admiral because you ✌️didn’t go to the Academy✌️, you’re not ✌️qualified for the job✌️, and you’ve ✌️escaped from an institution✌️.” 🙄

Yeah, I’m def bumping this up on my rewatch list. Been on a 90s kick lately and this fits right in.

Wow. Totally did not recognize that scene at all.

I have so many questions.

First of all, how dare you? Second of all, is that Jan Hooks? Third, what is that from?

Is there EV support?

Looks like it, yeah:

The UI still shows Fuel, but it seems like you can enter the kWh and it should calculate. Maybe plug some values into the demo to be sure. If you do, let us know!

I use Fireflyiii for my money and budgeting.

I don’t see why not. I haven’t stood it up yet, but I’ve played with the demo. It does have a section for parts/repairs/upgrades.

Give the demo a try, and let us know.

Yeah, building a simpler version of something like that was on my ever-growing “to do” list but came across this today. Probably going to deploy it this evening or maybe this weekend (whichever day it’s supposed to rain lol).

For a website, forum, blog, etc, at least the damage caused by poor security would be limited to just that platform. Unfortunate, but contained. With federation, that poor security becomes everyone else’s problem as well. Hence my gripe lol.

It’s been so long since I setup my instance, I honestly don’t recall what the default “Registration mode” is.

I’m but a small drop in the larger fediverse, but I do develop a frontend for Lemmy. I actually coded the “Registration” section in the admin panel to nag you if the config is insecure. lol

It will still let you do it, just with a persistent nag message on that page.

Basically, yeah. Not all admins would defederate, so they probably wouldn’t be completely isolated off, but they would definitely have a very reduced audience for their, uh, antics.

Yup, and I’ve probably still got a lot of those instances on my federation blocklist.

One of my ongoing gripes with the fediverse is that people run instances with little/no oversight and leave registrations wide open. It’s just irresponsible to have open registrations when you don’t have an admin available 24/7.

So let’s say instance A and B are defederated from each other, but both are federated with instance C. After a user from A posts something on C does every user from B get to downvote everything?

Yes. Instance A will not see the downvotes from instance B, but instance C would. Also, anyone federated with all 3 would see the downvotes from B for content posted by someone on A.

The only defense is that mods and admins can see the votes and, if something like that is suspected, they can take action (ban the accounts, mods report the behavior to admins, consider defederating from instance B, etc). Seeing a pattern of mass-downvotes only from a particular instance would be considered a red flag for most admins.

This scenario is less likely than what we see in practice, though, since the overhead to create an instance and the “eggs all in one basket” make it easy to take action against (admins would quickly coordinate to block that instance). Tools like Fediseer would also be used to censure that instance and bring its behavior to light.

In the wild, it’s far more common for them to just spin up a bunch of accounts across “good” instances (particularly those without registration applications) and coordinate.

One example of that: https://dubvee.org/post/1878799