This may be similar to "Certificate for local network behind fritzbox (custom domain)" or "Sign me as an Intermediate CA for my Domain with Name Constraint?" or "Adding new sub-domains to certificate".
My company ReallyBigFoo (not their real name) owns reallybigfoo.com and has a certificate from ExpensiveCA.com for www.reallybigfoo.com for their public-facing website. That’s fine.
We also have a number of servers behind our firewall for internal use only; they’re not accessible outside of our firewall. I’m working with our IT staff on one of them, foo37.reallybigfoo.com, which we want to convert from HTTP to HTTPS. I was surprised to find out that they need to buy another certificate from ExpensiveCA.com for foo37.reallybigfoo.com. We are just trying to get the lock symbol for browsers for our internal staff, and prevent passwords from being transmitted in plaintext.
Here is my question: Is there a way to use Let’s Encrypt to either:
- obtain a certificate for foo37.reallybigfoo.com (even though it is behind a firewall) and other internal servers
- obtain an intermediate CA certificate for some subdomain like ca.reallybigfoo.com, so that we can issue our own certificates for servers like
I apologize; while I understand how public-key encryption and signing work, I don’t quite understand the rules behind TLS certificates.