Cert for intranet


#1

Hi,

It appears that LE is not supporting intranet certs.

As there is no support for wildcards, it’s a real problem for me because I can’t use SSL on intranet websites.


#2

What exactly is the specific problem you’re running into? :scream:

Or you’re just complaining Let’s Encrypt isn’t the solution you were hoping for? Whether that’s the fault of Let’s Encrypt or your expectations… I’ll leave that to the judgement of the reader :wink:


#3

hi,

IMPORTANT NOTES:

it’s my problem ^^ because *.intra are pointing to 10.234.62.x (private :p)


#4

Yes, of course. Let’s Encrypt needs proof you have control over those domains. Currently, it needs a successful HTTP challenge to complete and therefore the host needs to be accessible by the ACME servers from the WWW.

As your domains seem to be accessible by DNS, your best chance is to wait for dns-01 challenge support.


#5

Yes, I understand it. But if I can have a cert for domain.tld and www.domain.tld, I think it will be easier for intranet websites to be able to make a cert.


#6

@bosco, eventually we might be able to support issuance using the DNS challenge type (where you can get a certificate if you can add specified data to your DNS records). Until then, you would need to set up some kind of proxy or split DNS approach because all of our verification methods do require connecting to a publicly-visible host that can answer for the requested subject name.


#7

Also you can point your intranet subdomain to a public-IP server, get a cert and then point it back to intranet.