Utilize SSL/TLS for your internal services for your homelab without having to setup an internal certificate authority (CA) by relying on a public CA.

Why not an internal CA?

Why this solution then?

Setup Overview

We will be using Cloudflare for our external DNS provider and Traefik as our loadbalancer and SSL termination proxy. Assuming you own a public domain like, we will be putting all our local services behind the subdomain *


What is Cloudflare?

Cloudflare is a web infrastructure and web security company that provides CDN services, DDoS mitigation, internet security, and DNS services.


We will use them as our external DNS provider.

Make sure you have pointed to your home IP address to pass the DNS verification later when attaining a certificate. You can use something like Duck DNS in order to have dynamic DNS if you don't have a fixed public IP.

We can also have a wildcard record for * point to our local Traefik load balancer IP so that devices in your network can get routed to our internal services.