Private domains, NAT, and Let's Encrypt

Hi,

In short, yes. LE can only issue certificates to public domains.

In order for LE to issue a certificate, you'll need:
A public domain (e.g. not .local, and publicly resolvable)
And
A public IP / a set of publicly reachable DNS servers.

You can still obtain a certificate using DNS-01 (especially a wildcard certificate, by adding records to the root domain).

For internal certificates (.local etc.), it's better to use a self-signed CA.
For domains that have an internal IP (but whose DNS server can be queried from outside the network), you can use DNS-01 validation.

I see that your domain is NetworkTest.com and it has publicly queryable DNS servers.

Although it may not be ideal to obtain a certificate via HTTP (since you said it's internal and NAT), you can request wildcard certificates by adding TXT records on the root domain.

Thank you
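
The decision described in the reply above, as an added example that is not part of the original post: which ACME challenge types can work for a name, and the `_acme-challenge` TXT record that DNS-01 expects (RFC 8555 section 8.4). The function names, the suffix shortlist, the hostnames and the token/thumbprint values are constructed for illustration.

```python
import base64
import hashlib
import ipaddress

# Names no public CA will issue for (constructed shortlist, not exhaustive).
NON_PUBLIC_SUFFIXES = (".local", ".localhost", ".internal", ".home.arpa", ".test")


def challenge_options(hostname, addresses):
    """Return the ACME challenge types that can work for this name.

    addresses: the A/AAAA values the name resolves to (strings).
    """
    name = hostname.lower().rstrip(".")
    if "." not in name or name.endswith(NON_PUBLIC_SUFFIXES):
        return []  # not a public domain: use an internal CA instead
    if name.startswith("*."):
        return ["dns-01"]  # Let's Encrypt issues wildcards via DNS-01 only
    # HTTP-01 needs the CA to reach the host from the internet; a globally
    # routable address is necessary for that (port 80 must also be open).
    if any(ipaddress.ip_address(a).is_global for a in addresses):
        return ["http-01", "dns-01"]
    return ["dns-01"]  # private/NAT address: only the DNS zone must be public


def dns01_record(hostname, token, thumbprint):
    """Return (record name, TXT value) for a DNS-01 challenge (RFC 8555 8.4)."""
    base = hostname.lower().rstrip(".")
    if base.startswith("*."):
        base = base[2:]  # a wildcard is validated at the parent name
    key_authorization = f"{token}.{thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    value = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return f"_acme-challenge.{base}", value


if __name__ == "__main__":
    # Constructed sample values; a real ACME client supplies token and thumbprint.
    token, thumbprint = "constructed-token-123", "constructed-thumbprint-456"
    for host, addrs in [("nas.local", ["192.168.1.10"]),
                        ("intranet.example.com", ["10.0.0.5"]),
                        ("*.example.com", [])]:
        options = challenge_options(host, addrs)
        print(host, "->", options or "internal CA")
        if "dns-01" in options:
            print("  TXT", *dns01_record(host, token, thumbprint))
```

The TXT value is the unpadded base64url SHA-256 of `token.thumbprint`, so it changes with every new challenge and has to be published in the public zone before the CA checks it.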