I have one server that has internet access and can receive SSL certificates from Certbot. Now we have many servers which are running in our intranet behind our proxy/firewall. We want to achieve that they also get an SSL certificate.
How can I get SSL certificates for these servers?
Server1 is our internet server, which can receive SSL certificates, which we have already done.
Now our intranet server (Server2.domain.com) without internet access should receive the SSL certificate for this server.
How can I solve this problem?
What are the domain names? Are these public domains? If every internal server has a public name, you can create a certificate. Does every server have a webserver? If yes, use that. If not, perhaps the standalone option may help.
Another solution: create one wildcard certificate, *.yourcompany.com, and use it on the different servers. It may be simpler - only one certificate, different places.
It may be simple or painful to install certbot on every internal server and manage all the renewals. So it's not really possible to say: "This is a solution".
The reachable server with internet access is server1.domain.com, and now I want to have an SSL certificate for our internal server, which has no internet access but which has an internal DNS (Server2.domain.com).
So what exactly do I have to do? How do I order a certificate for the internal Server2 on server1?
You can use your existing certbot with --manual and
But you have to manually create a new DNS entry _acme-challenge.server2.domain.com with a special value.
And you have to renew the certificate every 60 - 90 days. So check if your DNS provider has an API.
You may use several DNS plugins which will automate creation of the authorization record. https://certbot.eff.org/docs/using.html#dns-plugins
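The manual DNS challenge and its renewal, as discussed above, can be scripted with certbot's manual hooks. This is an added example, not part of any reply in the thread; it assumes the public zone for domain.com accepts RFC 2136 dynamic updates, and the DNS server name, TSIG key path and hook path are placeholders.

```shell
#!/bin/sh
# Added example: certbot --manual auth/cleanup hook for the DNS-01 challenge.
# Assumed, not from the thread: the public zone accepts RFC 2136 updates;
# DNS_SERVER, ZONE, TSIG_KEY and the hook path are placeholders.
# Run on server1 (the host with internet access):
#   certbot certonly --manual --preferred-challenges dns \
#     --manual-auth-hook '/usr/local/bin/acme-dns-hook.sh add' \
#     --manual-cleanup-hook '/usr/local/bin/acme-dns-hook.sh delete' \
#     -d server2.domain.com
DNS_SERVER="${DNS_SERVER:-ns1.example.invalid}"
ZONE="${ZONE:-domain.com}"
TSIG_KEY="${TSIG_KEY:-/etc/letsencrypt/tsig.key}"
TTL=60

# Challenge record name for a certificate name. A wildcard ("*.domain.com")
# is validated at the base name, so the "*." label is dropped.
acme_record_name() {
    printf '_acme-challenge.%s.\n' "${1#\*.}"
}

# Accept only base64url characters so the value cannot escape the quoted
# TXT string in the nsupdate batch.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the nsupdate batch. $1 = add|delete, $2 = domain, $3 = TXT value.
nsupdate_batch() {
    name=$(acme_record_name "$2")
    case "$1" in
        add)    op="update add $name $TTL TXT \"$3\"" ;;
        delete) op="update delete $name TXT \"$3\"" ;;
        *)      return 1 ;;
    esac
    printf 'server %s\nzone %s\n%s\nsend\n' "$DNS_SERVER" "$ZONE" "$op"
}

# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to both hooks.
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    valid_token "$CERTBOT_VALIDATION" || exit 1
    nsupdate_batch "${1:-add}" "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" |
        nsupdate -k "$TSIG_KEY" || exit 1
    # Give the new record time to reach the authoritative servers.
    if [ "${1:-add}" = add ]; then sleep 30; fi
fi
```

The certificate and its private key are written on server1 under /etc/letsencrypt/live/ and still have to be copied to server2 over a channel you trust, with the key readable only by the service that uses it.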