We had a UniFi controller installed on a VM that had its own public IP address, so there was no issue getting the unifi.domain.com certificate.
Now, due to our internal company rules, we had to move the controller to another VM that is behind a firewall, so it’s not accessible from the internet anymore. I want to know what possibilities we have to issue the unifi.domain.com certificate for the new VM.
We cannot set up port forwarding on the firewall, because ports 80 & 443 are occupied by another VM which is using a Let’s Encrypt certificate too.
Is it possible to still issue the unifi.domain.com certificate on the 1st VM (internet-facing), and then we’ll just copy the certificate files to our internal UniFi VM?
Or is DNS authentication our last chance? Currently we cannot automate it (changing TXT records), because our domain holder doesn’t provide any API for it, but we’ll migrate to OVH soon, and most probably we’ll issue a wildcard certificate for the whole domain.