We are going to be moving our intranet (internal) website and it is only available for employees, but will be put in our DMZ next to our public website. I was just going to add the intranet domain to the certificate (which is a subdomain off our main domain), which will work fine, but since it will only be available to folks with a login, how can I get Let's Encrypt to do the whole .well-known file read thing?
A link to someplace I can read that has the answer (please no random links for fun) is acceptable, not looking to be hand-fed but need to know where to look that actually has my answer. TIA!
The validation addresses are intentionally not available and may change at any time with no prior notice:
If you want to use the HTTP-01 challenge method for your intranet certificate, you should configure it not to require a login for /.well-known/acme-challenge specifically. Web servers can be configured to require a login by default for web content, but not for specific paths.
Alternatively, you can use the DNS-01 challenge method, which doesn't require Let's Encrypt to connect directly to your web server.
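As an added illustration (not part of the original replies), this is how the path exemption described above could look on nginx, assuming the intranet login is HTTP Basic auth enforced by nginx itself. The hostname, certificate paths, htpasswd file and webroot directories are placeholders.

```nginx
# Port 80: the HTTP-01 validation request arrives here first.
server {
    listen 80;
    server_name intranet.example.com;            # placeholder hostname

    # "^~" makes this prefix match final, so no regex location
    # elsewhere in the config can take over requests under it.
    location ^~ /.well-known/acme-challenge/ {
        auth_basic off;                          # no login for challenge tokens only
        root /var/www/acme;                      # assumed webroot the ACME client writes to
        default_type text/plain;
        try_files $uri =404;                     # serve existing token files, nothing else
    }

    # Everything else goes to HTTPS, where the login is enforced.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: login required by default for all intranet content.
server {
    listen 443 ssl;
    server_name intranet.example.com;            # placeholder hostname

    ssl_certificate     /path/to/fullchain.pem;  # placeholder
    ssl_certificate_key /path/to/privkey.pem;    # placeholder

    auth_basic "Intranet";
    auth_basic_user_file /etc/nginx/intranet.htpasswd;   # placeholder

    location / {
        root /var/www/intranet;                  # placeholder content root
    }
}
```

Keeping the challenge webroot separate from the intranet content root means the unauthenticated location can only ever expose the token files the ACME client places there.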