Get Certificates for internal Server in intranet


ich have one Server that internet acess and can receiver SSL Certificates from Certbot. Now we have many Server which are running in our intranet behind our proxy/firewall. We want to archive that they are also get an SSL Certificate.

How can i get SSL Certificates for these Servers?


Server1 is our Internet Server which can receive SSL Certificates what we already done.
Now our Intranet Server ( )without Internet Access should receive the SSL Certificate for this Server.

How can i solve this problem?

Thank you


Hi @usxliberty

what are the domain names? Are these public domains? If every internal server has a public name, you can create a certificate. Has every server a webserver? If yes, use that. If not, perhaps the standalone - option may help.

Other solution. Create one wildcard certificate * and use this with different servers. It may be simpler - only one certificate, different places.

It may be simple or painful to install certbot on every internal server and manage all the renews. So it’s not really possible to say: “This is is a solution”.

Hi @JuergenAuer,

the reachable Server with Internet Access is and now i want to have a ssl for our internal server which have no internet access but which have a internal DNS. (

So what exactly i have to do? How do i order on server1 an Certificate for internal Server2 ?

1 Like

You can use your existing certbot with --manual and --preferred-challenges dns-01.

But you have to create manual a new dns entry with a special value.

And you have to renew the certificate every 60 - 90 days. So check, if your dns provider has an api.

You may use several DNS plugins which will automate creation of authorization record.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.