I intend to serve the group via https internally within the institution.
my web server (linux with root control) has a public ip bound to a full/proper hostname with the instituion’s external facing dns server(no control), hence the webserver is behind firewall and the ip (or full hostname url) is only accessible via ssh tunnle or the instition’s vpn from outside.
is it still possible (with the help of one time vpn connection maybe) to obtain a https certificate using let’encrpt. I am happy to do that manually for the start and for the renew.
if not possible, is there any other vendor/method that can be used to archive this?