Domain to obtain a certificate for


#1

My domain is: ucs-840.peg.intranet

Hello, I am using ownCloud and the Univention UCS control panel from a VMware Player virtual machine. The VM is bridged and I am able to access the internet remotely with the VM. I am trying to issue an SSL certificate from Let’s Encrypt. The problem I am having is the domain name. I am trying: ucs-840.peg.intranet, so I tried the address and it won’t work; it says it needs a public suffix on the end (a .com or something?). I am sure I have the right domain name for issuing a certificate from Let’s Encrypt.

Thank you.

Gram


#2

Let’s Encrypt is a public Certificate Authority (CA). Publicly accepted CAs need to abide by the CA/B Forum rules about publicly accepted certificates. One of those rules is not to issue certificates which are not publicly resolvable.

As the TLD “intranet” isn’t a public TLD, Let’s Encrypt can’t issue certificates for that TLD.
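A pre-flight check for the situation discussed in this thread, as an added example that is not part of any post: it reports why a hostname cannot be validated by a public CA before a certificate request is attempted. The function name `issuance_blockers` is hypothetical and the TLD set is a small constructed subset of the IANA root-zone list, embedded so the block runs offline.

```python
import ipaddress

# Constructed subset of the IANA root-zone TLD list, for offline use only.
# A real check would load the current list published by IANA.
SAMPLE_DELEGATED_TLDS = {"com", "net", "org", "de", "uk", "io"}

# Special-use names that are never delegated publicly (RFC 6761, RFC 6762).
SPECIAL_USE_TLDS = {"local", "localhost", "test", "invalid", "example"}


def issuance_blockers(name, delegated_tlds=SAMPLE_DELEGATED_TLDS):
    """Return the reasons `name` fails the public-name check; [] if none."""
    host = name.strip().lower().rstrip(".")  # tolerate case and a root dot
    if host.startswith("*."):
        host = host[2:]  # a wildcard is judged by its base name
    try:
        ipaddress.ip_address(host)
        return ["IP literal: this check only covers DNS names"]
    except ValueError:
        pass  # not an IP address, continue with DNS-name checks
    labels = host.split(".")
    reasons = []
    if len(host) > 253 or any(not 1 <= len(lab) <= 63 for lab in labels):
        reasons.append("not a well-formed DNS name")
    if len(labels) < 2:
        reasons.append("single-label name, no domain suffix")
    tld = labels[-1]
    if tld in SPECIAL_USE_TLDS:
        reasons.append(f".{tld} is reserved for special use")
    elif len(labels) >= 2 and tld not in delegated_tlds:
        reasons.append(f".{tld} is not a delegated public TLD")
    return reasons


if __name__ == "__main__":
    # Constructed inputs: the name from the thread and a placeholder public name.
    for candidate in ("ucs-840.peg.intranet", "ucs-840.example-ddns.org"):
        print(candidate, "->", issuance_blockers(candidate) or "no blockers found")
```

An empty result only means the name has a public suffix; the CA still has to validate control of the name before issuing.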


#3

Yes, as @Osiris mentioned, .intranet is not a recognized Internet-accessible TLD.
So the question, for me, now becomes: Is your system accessible from the Internet?
If YES, you could assign that public IP a free Dynamic DNS name (or any name from any public domain you control) and use that name instead for your cert.
You may, however, have to update your internal DNS, or HOSTS file, to resolve that new public name to your internal IP (the same IP that ucs-840.peg.intranet now has) for your internal clients to be able to connect to it securely via the external name.
If NO, then you don’t really need a publicly signed certificate.
Or, do you…?


#4

Thank you also for your reply. The virtual machine (ownCloud / UCS) is accessible to the internet via port forward through our firewall. As was said by Osiris, I don’t have a qualified domain name to input into the UCS control panel for a certificate from Let’s Encrypt. I will look into the DDNS services for our DNS problem.
Thank you.
Gram


#5

You could also consider using a self-signed certificate if you’re the only one who ever accesses your service!


#6

There will be about 5 people accessing the cloud server I am running from different terminals.

Regards.

Gram


#7

OK, if you don’t control all of those machines yourself, it would probably be easiest to get a public domain name, including via a dynamic DNS service or something as indicated by @rg305. Let’s Encrypt is able to issue certificates for names from dynamic DNS services.

