So, now that Let’s Encrypt is more publicly available I’m looking into these solutions.
The first one I thought I’d try to tackle is the home user version which is similar to Plex’s solution.
Unfortunately, if I understand that one correctly, it requires me to somehow partner with a certificate issuer since they need to be able to generate certificates on the fly for every user. That sounds like a non-solution for a non-funded open source project. With the throttling I also can’t use Let’s Encrypt to generate certificates for each user as Plex is doing since I’d be generating one per user per IP address for the same base domain (examples .userid.myapp.com, .otheruser.myapp.com) etc…
Am I wrong? Is there a workable solution?
To be clear and state the issue again:
- Users install a native app on Windows/Mac/Linux
- That app is a web server. It serves pages at http://localhost:1234
- That needs to change to HTTPS because Chrome is banning needed features from HTTP pages
Plex’s solution is to somehow generate a user-specific certificate that gets installed on the user’s machine and is served by the natively installed app. That certificate is a wildcard certificate in the form of *.<someuserhash>.plex.com. Plex then runs a dynamic DNS server that resolves <ipaddress>. It has to be a wildcard certificate because the user’s machine will be seen on different IP addresses, both internal and external, and every time they restart their machine they might get assigned a different address.
It sounds like I’m S.O.L.
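
A sketch of the naming scheme described in the post, added here as an example and not part of the original post or Plex’s code: one wildcard certificate per user covers a hostname for every address the machine may have, and a stateless DNS responder decodes the address from the name. The base domain `myapp.example`, the dash-separated IP label and the 32-hex-digit user label are assumptions.

```python
import ipaddress
import re

BASE = "myapp.example"                    # hypothetical base domain (assumption)
HASH_RE = re.compile(r"^[0-9a-f]{32}$")   # assumed shape of the per-user label


def host_for(ip, user_hash):
    """Hostname the locally installed app is reached at for one IPv4 address."""
    addr = ipaddress.IPv4Address(ip)      # raises on malformed input
    return f"{str(addr).replace('.', '-')}.{user_hash}.{BASE}"


def resolve(hostname):
    """Stateless dynamic-DNS answer: decode the address from the leftmost label.

    Returns None (the responder would answer NXDOMAIN) for any name that is
    not <ip-label>.<user-hash>.<BASE>.
    """
    labels = hostname.lower().rstrip(".").split(".")
    base = BASE.split(".")
    if len(labels) != len(base) + 2 or labels[2:] != base:
        return None
    ip_label, user_hash = labels[0], labels[1]
    if not HASH_RE.match(user_hash):
        return None
    try:
        return str(ipaddress.IPv4Address(ip_label.replace("-", ".")))
    except ipaddress.AddressValueError:
        return None


def wildcard_covers(pattern, hostname):
    """Certificate name check: '*' stands for exactly one leftmost label."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    return len(p) == len(h) and p[0] == "*" and p[1:] == h[1:]


if __name__ == "__main__":
    user = "0123456789abcdef0123456789abcdef"     # constructed sample value
    cert_name = f"*.{user}.{BASE}"
    for ip in ("192.168.1.5", "203.0.113.7"):     # internal and external address
        name = host_for(ip, user)
        print(name, "->", resolve(name), "| covered:", wildcard_covers(cert_name, name))
```

Because the wildcard matches only a single label, a certificate for `*.myapp.example` would not cover these names, which is why the scheme needs one certificate per user.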