Private Acme Server in organisation

Hello Sir,

Is it possible to configure a Linux server so that it can generate private Let's Encrypt certificates? If I install certbot and request a certificate with a private domain name (using a private DNS BIND server) from the ACME server, it must give me a Let's Encrypt certificate for nginx/apache/xyz servers respectively.

If it's possible, kindly share a link where I can configure my ACME server for a private organisation.

Thank you

It’s quite easy to run your own private ACME CA (e.g. using https://github.com/smallstep/certificates), but the certificates will not be publicly trusted. You will have to establish a private PKI and get your local network to trust it.


Do we also need a private DNS like bind9?
How do we do that, 'establish a private PKI and get your local network to trust it'?
How can we configure our own AWS Route 53 using bind9 in a private organisation?

These are very broad questions. It is better that you research and answer them yourself.

You could get started by following along with the examples on https://smallstep.com/blog/private-acme-server/. It's the simplest approach to get started with that I know of, and by the time you are done, you will have an internal PKI and a functioning ACME server, and you will probably also need to set up an internal DNS server for your internal domains.

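The procedure the two replies above describe (private PKI, ACME provisioner, trusting the root, enrolling with certbot) as one added example; it is not from the thread or from smallstep's own docs, and it assumes the `step` CLI, `step-ca` and `certbot` are installed. The hostname, port, provisioner name and password path are placeholders.

```shell
#!/usr/bin/env bash
# Added example: stand up a private ACME CA with smallstep step-ca and have
# certbot enrol an internal web server against it. All names are placeholders.
set -eu

CA_NAME="Example Internal CA"           # assumed
CA_HOST="ca.internal.example"           # assumed; must resolve via your internal DNS (e.g. BIND)
CA_PORT=9000                            # assumed
PROVISIONER="acme"                      # name of the ACME provisioner on the CA
PASSWORD_FILE="/path/to/ca-password.txt" # placeholder

# The directory URL certbot must be pointed at instead of Let's Encrypt's.
acme_directory_url() {
  printf 'https://%s:%s/acme/%s/directory\n' "$1" "$2" "$3"
}

# 1. Create the private PKI (root + intermediate) and the CA config.
init_ca() {
  step ca init --name "$CA_NAME" --dns "$CA_HOST" --address ":${CA_PORT}" \
    --provisioner admin --password-file "$PASSWORD_FILE"
}

# 2. Enable ACME on the CA so certbot can talk to it, then start the CA.
add_acme_provisioner() {
  step ca provisioner add "$PROVISIONER" --type ACME
}
start_ca() {
  step-ca --password-file "$PASSWORD_FILE" "$(step path)/config/ca.json"
}

# 3. Trust the private root on each client machine (once per host); this is
#    what "get your local network to trust it" means in practice.
trust_root() {
  step certificate install "$(step path)/certs/root_ca.crt"
}

# 4. Enrol a web server. The CA validates http-01 by fetching
#    /.well-known/acme-challenge/ from the requested name, so that name must
#    resolve internally to the host running certbot. REQUESTS_CA_BUNDLE makes
#    certbot's HTTPS client trust the private root when contacting the CA.
request_cert() {
  fqdn="$1"
  REQUESTS_CA_BUNDLE="$(step path)/certs/root_ca.crt" \
  certbot certonly --standalone \
    --server "$(acme_directory_url "$CA_HOST" "$CA_PORT" "$PROVISIONER")" \
    -d "$fqdn" --agree-tos --register-unsafely-without-email
}
```

Run `init_ca`, `add_acme_provisioner` and `start_ca` on the CA host, `trust_root` on every client, then `request_cert web.internal.example` on the web server; certbot's renewal timer keeps working against the same `--server`.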

Thanks @_az for the prompt support.

How to make certificates publicly trusted using a private ACME server?

Short answer: you can’t.

Choose between:

  1. Using real domains and a publicly trusted certificate authority (like Let's Encrypt), or
  2. Using internal domains and your private CA, and configuring your devices to trust your private CA certificate

I assume the long answer goes along the lines of "convince browser makers you are trustworthy enough and maybe even obtain a few cross signatures from an existing CA" — which looks like a lot of technical work first and then political work too.
