Sign certificate for LAN usage (.lan domain)


Dear Reader,

For a project I need a certificate for usage within a local network. I am using a .LAN domain name and it seems not to be possible to use this top level domain. At this moment, all PC’s in the local network receive a warning about an insecure website. What would you advise in this situation?




Hi @mvs

is this domain name a public domain name? If yes, you can create a Letsencrypt certificate.

If no, then it’s not possible to get a certificate.

If you have a domain name with a public ip address, you can use http - 01 - validation to order a certificate.

If you have only a domain name, you can use dns-01 - validation, so you have to create a special dns txt entry


with a special value, so Letsencrypt can check that you are the owner of this domain.

It is possible that you create a internal self signed certificate and use that. But then all users have to accept this certificate / install it local.


Hi @mvs, thanks for the question.

Let’s Encrypt is only able to issue certificates for true top level domains registered with IANA. In this case,.lan is not an IANA registered top level domain and so you won’t be able to get a certificate from Let’s Encrypt for this domain.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.