Generate certificates for a private server not visible from everywhere

Is it somehow possible to generate a certificate for a private server which is not visible from the internet? And is it possible to automate the renewal process in this case?

Is the manual generation suitable for such a situation?

Ports 80 and 443 (HTTP and HTTPS) are closed from everywhere except for requests coming from the VPN, so the server is private, protected by a firewall.


There is another authentication method called DNS-01 in which you add specified TXT records to your DNS zone.

The manual mode in Certbot can help you with this, but if you do it manually, it won't be compatible with automated renewal.

The clients written in bash have historically had better support for this method than Certbot does, and so far continue to (including sometimes supporting DNS provider APIs to update the DNS records for you).

