I have a couple of servers with sites available only to hosts on our network. I wanted to use letsencrypt for certificates, but found it difficult to accomplish this without exposing them to the internet. I had one server that was already exposed to the internet, so I created a virtual site in apache that matched the internal site. I was able to get a certificate from letsencrypt and scp it over to the internal server. I can now connect to the internal site without any warnings and it shouldn’t be difficult to automate the whole process.
Is this a good method to accomplish my goal or am I misusing this service? Is there an easier/preferred method to authenticate internal servers? Am I introducing potential security risks? Thank you for your help.
That method should work fine, yes. Personally I use the DNS challenge, which can easily be automated, and doesn’t need a webserver or even an A record in the DNS - as long as they are for subdomains of a public domain you control the DNS for.
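The reply above relies on a fact worth seeing concretely: a DNS-01 validation never touches the host being certified, only a TXT record at `_acme-challenge.<name>`. The following Python is an added example (not code from this thread or from any ACME client) that derives that record from an ACME account key and challenge token the way RFC 8555 section 8.4 specifies, and puts the HTTP-01 resource beside it for contrast. The account key is a constructed sample JWK whose modulus is arbitrary base64url text, not a real key, and the token is a constructed sample; only the public JWK members are needed, since the thumbprint (RFC 7638) ignores `alg` and `kid`.

```python
"""Derive ACME DNS-01 and HTTP-01 challenge responses from an account key.

Added example, not from the original thread. SAMPLE_JWK is a constructed
stand-in for an ACME account key (arbitrary base64url text, not a real
modulus); SAMPLE_TOKEN is a constructed challenge token.
"""
import base64
import hashlib
import json
import re

SAMPLE_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": "constructed-sample-modulus-not-a-real-key-" + "A" * 300,
    "alg": "RS256",       # ignored by the thumbprint on purpose
    "kid": "acct-sample", # likewise
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

# Members that go into the thumbprint, per key type (RFC 7638 section 3.2).
REQUIRED_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
}
_TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def is_valid_token(token: str) -> bool:
    """RFC 8555 section 8.3: a token is base64url only, no padding.

    Checking this before building a URL path is what stops a hostile or
    buggy server handing a client a token such as '../x'.
    """
    return bool(_TOKEN_RE.fullmatch(token))


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the compact JSON of the required members,
    keys in lexicographic order, no whitespace."""
    members = REQUIRED_MEMBERS[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.1: token '.' thumbprint."""
    if not is_valid_token(token):
        raise ValueError("token is not base64url")
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_record(identifier: str, token: str, jwk: dict) -> tuple[str, str]:
    """Return (TXT record name, TXT value) for DNS-01 (RFC 8555 section 8.4).

    A wildcard identifier is validated at its base name, so '*.' is dropped.
    The value is the SHA-256 of the key authorization, base64url encoded.
    """
    base = identifier.rstrip(".")
    if base.startswith("*."):
        base = base[2:]
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return f"_acme-challenge.{base}", b64url(digest)


def http01_resource(token: str, jwk: dict) -> tuple[str, str]:
    """Return (URL path, body) for HTTP-01 (RFC 8555 section 8.3).

    The CA fetches this over port 80 on the name being validated, which is
    exactly what an internal-only host cannot offer.
    """
    return f"/.well-known/acme-challenge/{token}", key_authorization(token, jwk)


def ca_check_dns01(published_txt: str, identifier: str, token: str, jwk: dict) -> bool:
    """What the CA does: recompute the expected value and compare."""
    _, expected = dns01_record(identifier, token, jwk)
    return published_txt == expected


if __name__ == "__main__":
    name, value = dns01_record("intranet.example.com", SAMPLE_TOKEN, SAMPLE_JWK)
    print(f"publish TXT {name} = {value}")
    path, body = http01_resource(SAMPLE_TOKEN, SAMPLE_JWK)
    print(f"HTTP-01 would instead need http://intranet.example.com{path} -> {body}")
```

The point to take from the two record shapes: the DNS-01 TXT name and value are computed entirely from the account key and the token, so the host that will use the certificate needs neither an A record nor a listener, and the only thing that must be automatable is writing one TXT record at the DNS provider. The wildcard handling and the token check are the two details most home-grown hook scripts get wrong.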
That would be my preferred method as well, but our domain is with asmallorange and I don’t think they are set up for automatically updating the DNS. I guess I could always set up a different domain with another service that will work easily with letsencrypt. Thank you
The domain registrar and your DNS provider can be two different service providers. cloudflare.com offers a good, free DNS service, with a very good API for automating changes to your records.