Offline certificate

Hi,
Is it possible to use Let's Encrypt certificates for offline apps that are not online?

Thank you

Sure, if you get them first.

Note that the certificates only have a lifetime of 90 days and renewing a certificate would mean using the internet again. Let's Encrypt recommends renewing 30 days before expiry (so 60 days into the cert's lifetime).

If you can tell us more about the specific situation, perhaps we can give more detailed advice.

2 Likes

I should set the web apps to HTTPS and they are not public; in the URL there is no FQDN but an IP.
Is it possible to perform automatic renewal? How do I get there first?
I have websites with Let's Encrypt, but since everything is online I have never had the problem.

Thank you

Let's Encrypt doesn't provide certificates for IP addresses currently. That changes soon™, but they will only issue certificates for public IP addresses (i.e. not anything in 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), and such certificates will only be valid for 6 days.

One option you have is to get a public (sub)domain and point it to your internal IP address(es) and use DNS-01 to get certificates, and only access whatever webapps you have through this domain.

3 Likes

So should I publish web apps?

Thank you

It doesn't matter if your apps are private. You just have to use a valid domain name if you want to use a Let's Encrypt certificate.

3 Likes

I thought about it after a few minutes.
I just need a valid DNS record.
In the firewall I will open port 80 for renewing certificates with certbot.
I only need one certificate to manage a few apps because there is a reverse proxy.

And everything should work.

Thanks

3 Likes

Don't forget about the DNS-01 challenge, which does not require port 80 to be open to the internet.

3 Likes

DNS-01, I just need to create a TXT record in the DNS server, apps.example.com. It should work.

Is this correct?

Thanks

1 Like

Correct, and, if you use a DNS provider that has integration with your ACME client, it can add and remove those records for you! 😎

4 Likes

I think the ACME protocol is supported.
There is no difference from a public website.

Thanks

I was just encouraging you to automate the creation of your TXT records rather than doing it manually. The process works best when you put your renewals on autopilot, and you can't do that if you have manual steps.

2 Likes