Get Certificates for internal Server in intranet


#1

Hello,

I have one server that has internet access and can receive SSL certificates from Certbot. Now we have many servers which are running in our intranet behind our proxy/firewall. We want to achieve that they also get an SSL certificate.

How can I get SSL certificates for these servers?

Example:

Server1 is our Internet server which can receive SSL certificates, which we have already done.
Now our intranet server (Server2.domain.com) without Internet access should receive the SSL certificate for this server.

How can I solve this problem?

Thank you

Christian


#2

Hi @usxliberty

What are the domain names? Are these public domains? If every internal server has a public name, you can create a certificate. Does every server have a webserver? If yes, use that. If not, perhaps the standalone option may help.

Another solution: create one wildcard certificate *.yourcompany.com and use this with different servers. It may be simpler: only one certificate, different places.

It may be simple or painful to install certbot on every internal server and manage all the renewals. So it’s not really possible to say: “This is a solution”.


#3

Hi @JuergenAuer,

The reachable server with Internet access is server1.domain.com, and now I want to have an SSL certificate for our internal server, which has no internet access but which has an internal DNS (Server2.domain.com).

So what exactly do I have to do? How do I order a certificate on server1 for the internal Server2?


#4

You can use your existing certbot with --manual and --preferred-challenges dns-01.

But you have to manually create a new DNS entry _acme-challenge.server2.domain.com with a special value.

And you have to renew the certificate every 60 - 90 days. So check whether your DNS provider has an API.


#5

You may use one of several DNS plugins, which will automate creation of the authorization record. https://certbot.eff.org/docs/using.html#dns-plugins
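
The automation discussed in #4 and #5, as an added example that is not part of the original thread: a hook script for certbot's `--manual --preferred-challenges dns-01` mode that publishes and removes the `_acme-challenge` TXT record with `nsupdate`. It assumes the DNS server accepts RFC 2136 dynamic updates signed with a TSIG key; `DNS_SERVER`, `TSIG_KEYFILE` and the hook path are placeholders.

```shell
#!/bin/sh
# Added example (hypothetical hook.sh), run on server1 as:
#   certbot certonly --manual --preferred-challenges dns-01 \
#     --manual-auth-hook '/path/to/hook.sh add' \
#     --manual-cleanup-hook '/path/to/hook.sh delete' -d server2.domain.com
DNS_SERVER="${DNS_SERVER:-ns1.example.invalid}"        # placeholder
TSIG_KEYFILE="${TSIG_KEYFILE:-/etc/certbot/tsig.key}"  # placeholder
TTL=60

# TXT record name for a domain; a wildcard (*.domain) is validated at its base name.
acme_record_name() {
    base=${1#\*.}
    case "$base" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    printf '_acme-challenge.%s.\n' "$base"
}

# Print the nsupdate batch. $1 = add|delete, $2 = domain, $3 = validation value.
# The value is checked against the base64url alphabet so nothing else can be
# smuggled into the batch that is sent to the DNS server.
nsupdate_batch() {
    case "$1" in add|delete) ;; *) return 2 ;; esac
    case "$3" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    name=$(acme_record_name "$2") || return 1
    printf 'server %s\n' "$DNS_SERVER"
    if [ "$1" = add ]; then
        printf 'update add %s %s TXT "%s"\n' "$name" "$TTL" "$3"
    else
        printf 'update delete %s TXT "%s"\n' "$name" "$3"
    fi
    printf 'send\n'
}

# Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to both hooks.
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    batch=$(nsupdate_batch "${1:-}" "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION") || exit 1
    printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEYFILE" || exit 1
    # Give secondary name servers time to pick up the new record.
    if [ "$1" = add ]; then sleep "${PROPAGATION_WAIT:-10}"; fi
fi
```

The issued certificate and private key still have to be copied from server1 to server2 over a protected channel after each renewal.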

