I have a non-public domain – blah-blah-dot-cloud – which is never used outside the company and cannot be reached from the public Internet. However, it is used by several hundred machines within the company, and I would like to be able to use LetsEncrypt to generate a “trusted” certificate for them so that I do not have to “trust” a self-signed cert (hundreds of times …) myself.
LetsEncrypt’s ACME verification systems could not reach these sites to verify them: no one can. But, is it possible to produce a trusted certificate that references these domains? Or is there a way that a signing-certificate could be obtained (from anyone)?