2022/11/11

that SAN = Subject Alternate Name. A SAN certificate is a TLS certificate that certifies multiple domain names.

see https://support.dnsimple.com/articles/what-is-ssl-san/

that AWS Certificate Manager and other free-TLS-certificate services can’t validate private domain names since ACME (Automated Certificate Management Environment) relies on public DNS or WHOIS records.

See also https://docs.aws.amazon.com/acm/latest/userguide/domain-ownership-validation.html.

2023/02/22

How to make a self-signed TLS certificate:

#!/usr/bin/env bash
# stolen from https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl
openssl \
  req -x509 \
  -newkey rsa:4096 \
  -keyout key.pem \
  -out cert.pem \
  -sha256 -days 365 -nodes -subj '/CN=localhost'