Generating a certificate for intranet use

Hi, I have a containerized web app that is only accessible through the company intranet. I am trying to figure out how to get a signed certificate generated using nginx and certbot (Docker images) by following the instructions in this article. But I am not able to get around the challenge due to the fact that it’s not accessible outside the company intranet. How do I get around this or is this even possible?

You need to have a publically available hostname. If the host itself isn’t accessible from the outside world, it is still possible by using the dns-01 challenge. Of course, that requires you to have access to the DNS server (or a delegated DNS zone) for that hostname.

So, a few examples:

  • foo.dev.example.local -> never gonna work, hostname isn’t public
  • foo.dev.example.com -> might work, if the DNS zone of foo.dev.example.com is publically reachable
1 Like

Can I spin up linuxserver/letsencrypt Docker container within our environment and get our certs signed?

Sure.. Whatever floats your boat.

For this to answer, I'll refer to my previous post:

Ah… I thought I could get around the first answer but having an internal instance of it that has access to the intranet. Thank you.

No, something has to be public. A publically available DNS server with access to the zone you’re using internally is fine too, as long as Let’s Encrypt can resolve certain TXT RRs of that internally used DNS zone.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.