How can I use Let's Encrypt to make internal certs?

I am a beginner in the world of certs. I would like to know how to use Let's Encrypt to create internal certs, mainly to avoid IP addresses or hostnames being visible to our users in systems that offer a web UI. Example: https://10.x.x.1 or https://servername. I'd rather see a friendly name such as https://branchswitch.bbsc.local.

Hello @rwesterman, welcome to the Let's Encrypt community.

Let’s Encrypt offers Domain Validation (DV) certificates.

Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

Thus you need to own and have control over the Domain Name (or have a subdomain under an existing domain name, for example pointed to your server by your employer or school) you wish to obtain a certificate for, from an ICANN Accredited Registrar.

Please read Certificates for localhost - Let's Encrypt

Here are some links within the forum that are worth reading

3 Likes

One thing you could do is purchase a domain purely for internal use. Maybe something like bbcs.net if your public domain is bbcs.com. Or use something like int.bbcs.com.

I have a domain with no external-facing records; my internal servers all use it, and I am able to obtain certificates as needed using the DNS challenge.

6 Likes

The documentation on the DNS-01 challenge.

2 Likes

Or, if you don't have (or don't want to use) a public domain, the answer is to use a local CA. Trust its root cert on all your client devices and you're good to go. Here's what I've been using for a while with good results:
https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi-yubikey/

7 Likes
