Take for example Caddy, which is https: by default and gets you a valid Let's Encrypt certificate (unless you configure it to do something different). You enter your domain in the config file and it does the rest.
Such a setup would be possible with Apache as well. It's a matter of the configuration files the installed package provides. But some people do not want this. Some people prefer to use certbot or acme.sh or another setup. There is a large variety how this can go and no single best solution for everyone. I have written several recipes for Apache ACME myself to help people with this. See <https://github.com/icing/mod_md> Cheers, Stefan > Am 30.09.2023 um 16:30 schrieb Emmanuel Dreyfus <m...@netbsd.org>: > > On Sat, Sep 30, 2023 at 07:40:34PM +0530, General Email wrote: >> By the way, I don't understand how the default certificate can be abused. > > It is not signed by a trusted CA, hence your browser cannot tell if it > is speaking to your legitimate web server, or to some malware lurking > in between. Perhaps your web trafic is not worth being evesdropped, but > consider a malware could inject an exploit against your browser in your > web trafic. The attacker could just be an infected machine on the same > LAN. > > The security level of an untrusted ceritificate is not much better than > plain text HTTP. > > -- > Emmanuel Dreyfus > m...@netbsd.org
