Hi, I have a phone server (PBX) hosted on Amazon EC2, and we have a VPN to access it on its private IP (172.x.x.x). Normally our public DNS (phones.ourdomain.com) points to the private IP, so that people in the company on the LAN can type the domain instead of the IP, and people outside the LAN/VPN won't be able to contact it in any way.
Since I have to allow letsencrypt to verify my domain, do I need to:
- whitelist the public Amazon IP to allow letsencrypt’s IP as inbound
- then change the public DNS to point to the public Amazon IP
- initiate letsencrypt verification
- once I have the certificate, set the public DNS back to the private Amazon IP?
Or, is there any way that I can give letsencrypt my VPN credentials so that it can verify my public DNS while it’s pointing towards my private IP? That could save some hassle.
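A small pre-flight check for the DNS-flip procedure listed above, added here as an example and not code from the original post. It verifies which state the public name is in before you start the Let's Encrypt HTTP-01 validation (the name must resolve only to the whitelisted public EC2 address) and again after issuance (every published address should be private again, so the PBX is no longer advertised to the internet). The hostname `phones.ourdomain.com` is the one from the post; the two IP addresses are constructed placeholders, and `resolve_ipv4` needs network access while the other functions run offline.

```python
import ipaddress
import socket

# Constructed placeholder values (not from the original post): the EC2 instance's
# public address and the VPN-reachable private address of the PBX.
EXAMPLE_PUBLIC_IP = "54.12.34.56"
EXAMPLE_PRIVATE_IP = "172.31.5.10"


def resolve_ipv4(hostname):
    """Resolve hostname to its IPv4 addresses with the system resolver (needs network)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None, socket.AF_INET)})


def classify(addresses):
    """Return 'private', 'public', 'mixed' or 'empty' for a list of IP strings.

    ipaddress.is_private covers RFC 1918 space (10/8, 172.16/12, 192.168/16)
    plus loopback, link-local and the reserved documentation ranges."""
    kinds = {"private" if ipaddress.ip_address(a).is_private else "public" for a in addresses}
    if not kinds:
        return "empty"
    return kinds.pop() if len(kinds) == 1 else "mixed"


def ready_for_validation(addresses, public_ip):
    """True only when the name resolves solely to the whitelisted public EC2 IP.

    The HTTP-01 validator connects to whatever the public DNS answers with; a
    private or mixed answer would make the challenge fail or hit the wrong host."""
    return addresses == [public_ip]


def restored_to_private(addresses):
    """True when every published address is private again, i.e. the PBX is not
    reachable from the internet once the certificate has been issued."""
    return classify(addresses) == "private"


def main(hostname="phones.ourdomain.com", public_ip=EXAMPLE_PUBLIC_IP):
    addrs = resolve_ipv4(hostname)
    print(hostname, "->", addrs, "(", classify(addrs), ")")
    print("ready for HTTP-01 validation:", ready_for_validation(addrs, public_ip))
    print("restored to private:", restored_to_private(addrs))


if __name__ == "__main__":
    main()
```

Run it once after changing the DNS record and before initiating the validation, and once more after switching the record back; remember that a recently changed record may still be cached by your resolver, so a stale "private" answer does not prove the public change has propagated.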