Unfortunately some apps require the certificate be bound to the internal application, and need to be done so through cli or other methods not easily automated. We could front load over reverse proxy but we would still need to take the proxy cert and bind to the internal service for communication to work properly. Thankfully that’s for my other team to figure out as I already have a migration plan for systems I manage.
They are going down to 200 day expiration in March 2026. You can still buy 5 year certificates today but you still need to reissue them in 365 day cadence.
I’m in the same boat here. I keep sounding the alarm and am making moves so that MY systems won’t be impacted, but it’s not holding water with the other people I work with and the systems they manage. I’m torn between manual intervention to get it started or just letting them deal with it themselves once we hit 45 day renewal periods.
While I agree for my personal use, it’s not so easy in an enterprise environment. I’m currently working to get services migrated OFF my servers that utilize public certificates to avoid the headache of manual intervention every 45 days.
While this is possible for servers and services I manage, it’s not so easy for other software stacks we have in our environment. Thankfully I don’t manage them, but I’m sure I’ll be pulled into them at some point or another to help figure out the best path forward.
The easy path is obviously a load balanced front-end to load the certificate, but many of these services are specialized and have very elaborate ways to bind certificates to services outside of IIS or Apache, which would need to trust the newly issued load balancer CA certificate every 47 days.
My local Sam’s is hit or miss. Half the time they ask me and other times they don’t. I have admittedly stormed past them without providing proof in the past while they call after me lol.
This is what I hate about these places. You need your membership card to check out. All the items are too big to fit under your coat which thwarts shoplifting to some degree.
Why the hell do you need to see my card at the door? Just put a scanner with turnstiles at the front of shop if it’s that big of an issue.
Thing looks like a suicide pod, and drowning is one of my biggest fears. This thing also costs about as much as my house I’m still paying off. I am not the target demographic for this.
Welcoming the incoming dowvotes for correcting your comment just like the many similar comments and posts I’ve seen on Reddit, but this is purely a configuration issue.
Transcoding on local network is allowed without a subscription. If you are running your own DNS server (like pihole or unbound) you need to configure an internal “plex.direct” record. You also need to uncheck an option to “treat your WAN IP as internal” option which corrects double NAT issues.
I have yet to see a need to move away from Plex. I paid for the cheap lifetime sub over a decade ago at this point and everyone I invite to my server has no complaints and has not had to pay Plex a dime. I don’t use their plex.tv proxy, I direct connect to my own IP and leave their remote proxy option off in the server and everything works great.
I will check out Jellyfin at some point if Plex makes things more difficult in time, but for now these articles are literally just rage bait in the homelab ecosystem. They enacted this back in April of 2025 already!
Fox was accidentally put on our work TVs today (usually CNN which isn’t much better). For some reason I was able to see past the makeup and I’m pretty much every host they have now is just the Crypt Keeper underneath 20 pounds of the stuff.
It’s always DNS
My wife mentioned that Teachers are no longer listed as professionals either. They literally want or country to be as dumb as fucking rocks, slave our life away, and die horribly.
One such app I can think of would be a client side issue. If the public cert doesnt match the back end private cert it will sever the connection and mark it as insecure. Hopefully I won’t need to deal with it much longer though.
I just heard back from my other team that “this project sounds great for your team” even though they manage many of their own apps and certificates. Perhaps I should just let them burn then!