Can I use Wildcard Certificate for Internal & external domain?

I am already using Certbot for my external domain, but there is no way to use Certbot for an internal domain (if I understood correctly).
Is there any chance of using a wildcard certificate for both domains?

My external domain: external.domain.com
My Internal domain: internal.domain.com

*My final purpose is using HTTPS for the internal domain.

Let’s Encrypt does not care whether a domain is internal or external, as long as it is a valid FQDN with a public suffix.

If you can get a certificate for *.domain.com, then you may use it for whatever subdomains and purposes you see fit, even if it is an internal environment with no access to the internet.


Thank you for the quick reply :slight_smile: I will try it and share the result here.


You can also get non-wildcard certificates for internal names if the internal names are under a publicly-registered domain name that you control. This can only be done using the DNS-01 verification method, which requires you to create _acme-challenge DNS records (usually via a DNS provider API). With the DNS-01 method, Let’s Encrypt doesn’t have to connect directly to your server for verification. (This is also the only method permitted for issuance of wildcard certificates.)

Some people like wildcard certificates for this application because they don’t reveal exactly which internal names you have. So if you have an internal name based on a secret project (like mysecretproject.domain.com), getting a Let’s Encrypt certificate for that specific name would reveal the existence of this project via the public Certificate Transparency logs, but getting a certificate for *.domain.com instead would only reveal the existence of the wildcard certificate.

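To make the DNS-01 step concrete, here is an added example (not code from this thread, from Let's Encrypt or from Certbot) of what the CA actually expects you to publish: for each name in the order, a TXT record at `_acme-challenge.<name>` whose value is the base64url SHA-256 of `token.thumbprint`, where the thumbprint is the RFC 7638 hash of your ACME account key. The record layout follows RFC 8555 section 8.4; the function names, the sample account key members and the sample tokens are constructed placeholders for illustration, not real keys or real challenge tokens. It also shows the practical consequence for wildcards that the thread does not spell out: `*.domain.com` is validated at the same record name as `domain.com`, so a certificate covering both needs two TXT records at one name.

```python
"""Added example: computing the DNS-01 records a CA will query.

Assumptions (not from the original thread): the function names, SAMPLE_JWK
and SAMPLE_TOKENS are constructed for illustration. The TXT value follows
RFC 8555 section 8.4 and the account-key thumbprint follows RFC 7638.
"""
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of the *required*
    public members only (RSA: e, kty, n; EC: crv, kty, x, y), keys sorted,
    no whitespace. Optional members such as 'alg' or 'kid' must be ignored,
    otherwise the value the CA computes will not match yours."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_record_name(identifier: str) -> str:
    """Owner name of the TXT record the CA looks up. A wildcard identifier is
    validated at its base name, so '*.domain.com' and 'domain.com' both map
    to '_acme-challenge.domain.com'."""
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return "_acme-challenge." + base.rstrip(".")


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """TXT record contents: base64url(SHA-256(token '.' thumbprint))."""
    key_authorization = f"{token}.{thumbprint}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def dns01_records(identifiers, tokens, account_jwk):
    """Map each identifier to (record name, TXT value). Works the same for a
    wildcard and for a specific internal host: the CA only consults DNS, so
    the internal host itself never has to be reachable from the internet."""
    thumb = jwk_thumbprint(account_jwk)
    return {
        ident: (dns01_record_name(ident), dns01_txt_value(tokens[ident], thumb))
        for ident in identifiers
    }


# Constructed placeholder account key (public members only); NOT a real key.
SAMPLE_JWK = {
    "kty": "RSA",
    "n": "sample-modulus-base64url-placeholder",
    "e": "AQAB",
    "alg": "RS256",  # optional member, must not affect the thumbprint
}

# Constructed placeholder tokens; real ones are issued per challenge by the CA.
SAMPLE_TOKENS = {
    "domain.com": "token-for-base-name",
    "*.domain.com": "token-for-wildcard",
    "internal.domain.com": "token-for-internal-host",
}

if __name__ == "__main__":
    records = dns01_records(SAMPLE_TOKENS, SAMPLE_TOKENS, SAMPLE_JWK)
    for ident, (name, value) in records.items():
        print(f"{ident:22} -> {name} TXT \"{value}\"")
```

Publish the records through your DNS provider's API (or by hand), confirm with `dig TXT _acme-challenge.domain.com` from a resolver outside your network that every value is visible, and only then tell the client to proceed with validation; the CA resolves the name publicly, so a split-horizon internal zone that answers differently will fail. Delete the records once issuance is done, and remember that the issued certificate, not the challenge, is what ends up in the Certificate Transparency logs, which is the privacy consideration raised above.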
