LE certificate on IP restricted server


#1

Hi,

My AWS EC2 server only responds to specific IPs and that is configured in AWS for any http/https/tcp/udp requests and connections. I can understand that LE certs cannot be issued for any local/intranet domains as LE needs to access from outside world. I’ve read on several places that whitelisiting LE verfication servers will not work and those are not specified for spoofing and security reasons.

I also cannot use the DNS verfication as the domain belongs to large corporation managed by a dedicated team.

Can anyone suggest what is the best way to issue a LE certificate in my scenario?

Thanks a lot in advance,
Munim


#2

There’s really no way around DNS challenges in the scenario you’re describing. One way to do this in an environment where updating DNS is a slow and/or manual process would be to create a CNAME record for the verification subdomain and point that to a separate domain with the ability to create and update TXT records programmatically. acme-dns provides some tooling for this (as well as a more in-depth description of this approach.)


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.