How to secure Windows IIS Intranet that does not resolve publicly

Is it possible to use a LetsEncrypt cert on an internal facing Windows site that will not resolve outside of our organization? If so, what tool should I use? I tried the GUI tool Certify but it will only work if external resolution is possible.

Any help would be greatly appreciated!


Does it have a domain name that you have control over outside of your organization ? if so you could potentially get a certificate using a DNS challenge.

If not, and it hasn’t got a public domain name associated with it, then you can’t obtain a certificate.

1 Like

As an example the internal domain is “” We only have “” available from the outside. Does that help?

Yes, that helps.

It’s perfectly possible to get a certificate for the abc subdomain using a DNS challenge.

1 Like

Awesome, do you know a tool or client that runs in Windows for IIS that will do such a thing?

Others may know better - I’m more of a Linux guru. There are windows clients at at least some of which include the DNS challenge such as ACMESharp

1 Like

Great I’ll check it out. Thank you for your help!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.