No external access on premise servers hosted in our network

I do not have external access. I see that most of the agents need external access to lets encrypt for verification. Is there any way around this?

I ran this command: ./ --issue -d

It produced this output: Can not init api
apachectl not found, Need root access

My web server is (include version): Apache

The operating system my web server runs on is (include version): RHEL

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): No

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

No, it’s not possible. If you can’t talk to the CA, then you have no way to ask them for a certificate…

You will need to issue the certificate from a machine that has access to the internet.

You may then copy that certificate behind-the-firewall as you wish.

Thanks for the quick reply, In that case what is procedure for auto renewal.

Thank you

Realistically your only option is to have a DMZ’d host that:

  • Communicates with Let’s Encrypt
  • Performs domain validation by automatically updating your domains’ TXT records at each renewal event
  • Delivers the issued certificate to the internal host over the network (using a script)

If any of that sounds undoable, a 2 year certificate from a commercial CA might be a better option.

1 Like

Or if the client that will accept the certificate is under your control too, you don’t necessarily need a publicly-trusted certificate and could use a self-signed certificate or a private certificate authority, and then configure the client to accept this certificate or CA. You’ll only need publicly-trusted certificates if software that you don’t control (for a public web site, the web browsers used by the general public!) needs to accept the certificates.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.