concept

SSL/TLS

The encryption protocol behind HTTPS that secures data in transit. Every service exposed beyond your local network should use it.

SSL/TLS is the encryption protocol that secures the connection between a browser and a server. When a URL begins with HTTPS, TLS is what makes that connection private in transit.

Why it matters for self hosting

Without TLS, traffic between your browser and a service travels in plain text. Anyone on the same network, or any device between you and the server, can read it. Usernames, passwords, and session tokens are all visible.

A valid TLS certificate also prevents browser warnings. Modern browsers flag plain HTTP connections as insecure, and some features refuse to work on unencrypted pages. Any service you access outside your local network needs HTTPS.

How certificates work

A certificate is issued by a Certificate Authority that confirms your control over a domain. Browsers trust certificates from recognised authorities. Let's Encrypt is a free, widely trusted Certificate Authority that issues certificates automatically using an open protocol called ACME.

In a home lab, Traefik can act as an ACME client, requesting and renewing Let's Encrypt certificates automatically as new services are added. This means HTTPS is handled at the reverse proxy level rather than configured separately for each application.

Certificates issued by Let's Encrypt are valid for 90 days and renew automatically when a compatible reverse proxy is in use. At the time of writing, Let's Encrypt certificates are free of charge for any domain.