
Going to reply to my own comment here.

It's at this point that I swear profusely at Microsoft yet again, for pushing the concept of '.local' domain suffixes a decade ago. As it's not a legal TLD, I can't get certs for any of my internal services without rolling my own internal CA, which only works automatically for Windows domain machines, and not for anything else.

The ".local" suffix was a terrible idea, to be sure. Active Directory domain rename in small environments is relatively painless.

Unless of course, you are running Exchange. In which case it's not supported :(

Unfortunately, yes. I've been lucky enough to be able to get domain renames done in Exchange 2003 environments (which is supported) or in non-Exchange environments. Migrating to a new domain because of a poorly-chosen name is a real pain. (I have one Customer who has a "." in their NetBIOS domain name. That creates some interesting kinds of hell-- completely breaks the NPS RADIUS server in Windows 2012.)

I agree that it’s terrible, but the reason they used to recommend .local goes back to their Small Business Server in the 1990s when it was very expensive and bureaucratic to register a domain - not something they could demand of their target market. MS’s error was their failure to update their recommendations after domain registration became cheap and easy.

IIRC Microsoft does now recommend using a real domain with a real TLD nowadays.

Can you create a CNAME on your internal DNS so server1.company.local = server1.company.com?

Found here: https://community.spiceworks.com/how_to/139715-letsencrypt-w...

And also conflicts with mdns. :(
