A wildcard SSL cert for *.example.com from Let’s Encrypt covers every one-level subdomain. You get one through the DNS-01 challenge, or, since February 2026, through the new DNS-PERSIST-01 challenge that skips per-renewal DNS edits. One wildcard cert replaces the per-service certs you’d otherwise juggle behind your reverse proxy.

Why Wildcard Certificates and When You Need Them

If you run three subdomains, single certs work fine. Each one gets its own HTTP-01 challenge, Certbot handles renewal, and life is simple. Once you pass 10 or 15 subdomains, the chore list grows. Every new service needs its own cert request, its own renewal entry, and its own way to break. A wildcard cert folds all of that into one.

For most Linux users in 2026, Podman is the better default choice. It has no daemon and runs rootless, so it drops the security risk of Docker’s root-level daemon. Its native systemd integration also means containers act like any other service on a modern Linux box. That said, Docker is the safer pick if your workflow leans on Docker Compose v2 plugins, Docker Desktop’s GUI and extensions, or tools that still assume the Docker socket API.

By combining OpenClaw (an open-source autonomous AI agent) with Google’s Workspace CLI and the Model Context Protocol, you can build a self-driving business layer that monitors Gmail, manages Google Drive, and updates Calendar - all without manual intervention. The setup requires configuring OAuth credentials in Google Cloud Console, installing the GWS CLI via npm, and exposing the Workspace tools to OpenClaw via an MCP server - giving your AI agent structured, programmatic access to the entire Google productivity stack.

Yes, you can build a multi-room audio system that rivals Sonos for under $300. It covers five rooms. Snapcast is an open-source audio player. It streams music to every room with sub-millisecond sync. Home Assistant adds per-room volume, source switching, and automation. Each room costs $30 to $50. Sync stays within 1ms, and humans can’t detect delays under 5ms. The whole system runs locally, with no cloud and no monthly fees.

A smart garden irrigation system on Home Assistant joins three parts: a Wi-Fi sprinkler controller, a rain sensor, and automations. The automations cancel or adjust watering based on rainfall, soil moisture, and the forecast. With the WiseWater integration and the native scheduler in Home Assistant 2025.12, this setup now beats pricey cloud-bound irrigation systems. Here is how to build one from scratch.

Why DIY Smart Irrigation Beats the Commercial Options

Commercial smart sprinkler controllers like Rachio , Orbit B-hyve , and RainBird Wi-Fi run $100 to $200. Their “smart” features all need a cloud link and often a paid plan. That includes weather skip logic, seasonal tweaks, and soil type awareness. If the vendor shuts down its servers (remember Wink ?), those features revert to dumb timer-only watering. You’re left with an overpriced relay board.

You can wire any microcontroller into Home Assistant over MQTT . Publish sensor data to discovery topics and subscribe to command topics. You get full firmware control without ESPHome’s abstraction layer. The trick works on any chip: ESP32, RP2040, STM32, or a Raspberry Pi Pico W. It’s the right pick when your device needs custom protocols, bare-metal timing, or firmware features ESPHome can’t reach.

This post covers when raw MQTT makes sense, the discovery protocol that auto-registers devices, firmware examples on the ESP32 and RP2040, two-way control patterns, and security hardening.