Certificate for an internal server (only open from office)


My company have server to host application for internal use only. So this server is on internet but IP are restricted only from office.

Is it possible to use Let’s Encrypt to have Https ? I ask that because in the FAQ we can’t know the IP of let’s encrypt so how the validation will be done ?

Thanks a lot.

Has this server got a fully qualified domain name ?

If it is on the internet, but restricted to your office IP, then the easiest is to allow full access to domain/.well-known/acme-challenge for any IP address, but of course restrict other folders to your office IP.

Alternatively, you could perform a DNS challenge rather than a http challenge.

Yes the server got two fully qualified domain name : gitlab.company.com and jenkins.company.com

I can’t change the rules of restricted IP because it’s a firewall before my server so I will do it with DNS challenge.


If you have a look at the alternate clients the Bash clients and the Go clients support the DNS challenge.

Thanks no client for my DNS Provider Gandi … so the renew will be done manually.

From a quick look - https://wiki.gandi.net/en/xml-api - gandi has a perfectly good API for dns records, so you should be able to use the DNS method.

yes but I need to develop the interface :wink:

You only have to write about a dozen lines for that I think. If I get chance later I’ll take a quick look.

looking at the go alternate clients - the Lego one already supports gandi dns challenge.

1 Like

nice !!
Thanks for your help

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.