I have an internal network with several web sites (WiFi portal, Routers pages, Plex + others)
Several of them do not have a certificate and I got the error and annoying message from browsers and devices.
I would like to create certificates for them so that everything is trusted and works fine on every device.
Consider me a newbie of Let’s Encrypt and SSL (not of pc, Linux, etc…) so I’d like a little guidance on how to proceed.
For example I have my personal domain (www and email) but for the intranet I do use a different one. Can I do it?
Thank you for any help you can give me.
P.s. I’ve read several of the faq and articles but I miss the correct starting point.
If you will only be accessing those systems from within your private network and you control all the clients then you could create private cert(s) and trust them.
If you will be accessing them from outside your network or from clients not under your control, then you will need a cert that is signed by a trusted CA. (Note: LE will be signing wildcard certs in January 2018)
Until then, you will need to obtain cert(s) to cover all the individual names that require SSL.
This part can get wildly varied as there are many possible solutions to that situation.
So, it depends on how much inbound Internet access you have (1 IP, 5 IPs?).
How much control/experience you have over the systems allowed inbound http/https.
One simple solution is to accept all names from your domain to one single IP.
test0.your.domain = server1.your.domain = name2.your.domain = sys3.your.domain = (your external IP)
Catch all auth challenge requests for all those names in one system and obtain cert(s) for them there.
Then export/import those cert(s) to all the systems requiring them.
Given: In order to properly connect internal clients to your internal systems via their external names, the external/Internet IP for those names must be overridden on the internal network DNS system (or via manual local hosts file update) to resolve to their local IPs.
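For the private-cert route mentioned in the answer above, here is an added shell example (not from the thread or from Let's Encrypt): it issues one self-signed certificate whose SAN list names every internal host and checks that coverage before the cert is exported to the other systems. The hostnames are the answer's placeholders; the script assumes OpenSSL 1.1.1 or newer for `-addext`/`-ext`.

```shell
#!/bin/sh
# Added example, not from the thread: one private self-signed cert that
# covers all internal names, plus a coverage check to run before you
# export/import it. Hostnames are constructed placeholders.
set -e

# Names that need TLS, one per line (constructed; edit to taste).
INTERNAL_NAMES="test0.your.domain
server1.your.domain
name2.your.domain
sys3.your.domain"

# Build the value for `openssl req -addext`: subjectAltName=DNS:a,DNS:b,...
san_ext() {
  printf '%s\n' "$INTERNAL_NAMES" \
    | awk 'BEGIN{s="subjectAltName="} {s = s (NR>1 ? "," : "") "DNS:" $0} END{print s}'
}

# Issue a private self-signed cert (key + cert written into directory $1).
# Browsers match on SAN, not CN, so every name must appear in the SAN list.
issue_private_cert() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$dir/intranet.key" -out "$dir/intranet.crt" \
    -subj "/CN=$(printf '%s\n' "$INTERNAL_NAMES" | head -n1)" \
    -addext "$(san_ext)" >/dev/null 2>&1
}

# Print the DNS names from a cert's SAN extension, one per line.
cert_san_names() {
  openssl x509 -in "$1" -noout -ext subjectAltName \
    | tr ',' '\n' | sed -n 's/.*DNS:\([^ ]*\).*/\1/p'
}

# Return 0 if every required name is in the cert's SAN list; otherwise
# print each missing name and return 1. Works the same on a CA-issued cert.
check_coverage() {
  cert=$1; missing=0
  for n in $INTERNAL_NAMES; do
    if ! cert_san_names "$cert" | grep -qx "$n"; then
      echo "missing: $n"; missing=1
    fi
  done
  return $missing
}
```

The same `check_coverage` is worth running on a cert obtained from a public CA before distributing it, since a name left out of the SAN list is exactly what produces the browser warning the question describes.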