I absolutely love Let’s Encrypt, but this is my first post here and although I’ve read pages and pages, I am no expert on certificates and SSL, and I find little information on my actual use case. I am using Let’s Encrypt on my company website and file sharing system already, and have set this up with no issues.
This enquiry, however, revolves around my occupation: I install Building Management Systems that offer an option to incorporate HTTPS and other encrypted protocols to enhance security. Although most installers don’t bother with this as they find it difficult and unnecessary, I obviously do since I’m posting here.
The encryption works through self-generated, self-signed certificates, so although they greatly enhance security, they are not very user-friendly, since users are presented with (many) warnings about untrusted certificates (the application is running on Java).
Some installations will be hosted at the clients’ sites, either directly in a controller or in an on-site server. Others will be hosted by me using a VPS in a data center. Every device (server, controller, VPS,…) will have its own certificate, and these certificates are signed by my own root or intermediate certificate.
What I’m thinking is if I can use Let’s Encrypt to sign my Root Certificate (as a service running on my hosting server), and thus achieve that all my certificates (even on controller level) are trusted by browsers, but obviously not verified like a CA?
I haven’t checked yet whether this use case is actually permitted in the license agreement, but providing it is - is it technically possible? And if so, how would I go about setting it up, in outline?