This thread has some high Google juice, so here are some instructions on how to get certificates for private IP’s on letsencrypt.
Requirements: a domain name (example.com), access to the DNS server for example.com, root access on a publicly accessible server (server.example.com). And let’s assume you want to create a certificate for 192.168.7.7 named foo.example.com
- install certsling on the server.
- Add an A record to point foo(.example.com) to 192.168.7.7
- Add an NS record to point _acme-challenge.foo(.example.com) to server.example.com
-
sudo socat -T15 udp4-recvfrom:53,reuseaddr,fork tcp:localhost:8053on your server - open port 53 on your server firewall
mkdir myemail@example.comcd myemail@example.com-
certsling -s --dns foo.example.comto get certs from the letsencrypt staging server - When step 8 works, rm -rf *
-
certsling --dns foo.example.comto get real certs
Your certs will be in "myemail@example.com/foo.example.com/"!