SSL certificate for no-internet use

Hi.
I have a really strange situation.

I am conducting a summer camp in Russia. The twist is that we want to have internal net with SSL encryption, but we do not have access to global internet.
For now I am renewing my certificates couple days before the camp.
This is ok, but I have long fqdn-s, for which certificates are issued, and it would be convenient to shorten domain names to ***.something-non-existent-in-www
Is it possible?

1 Like

I’m not entirely sure what your question is. If you are asking if there is a way to renew certificates without an internet connection there isn’t any way, your solution is as far as I can tell the only way, renew them on a computer connected to the internet then transfer them to the internal servers without internet.

For the other part of your question, Let’s Encrypt can only issue certificates for domains accessible by the global internet, you can’t use non existent domains.

2 Likes

A public CA (such as Let’s Encrypt) should never issue certificates for non-public hostnames, so no, that’s not possible.

A private CA would be a next idea, but I’m pretty sure you don’t have access to the computers used on the camp. Because you would need to install the root certificate of that private CA on all the computers which would be using your non-existing short hostname.

Another idea, which can work, is to get yourself a public short domain name. If you search with Google, you can find free hostname providers which can provide you with a subdomain of a (short) domain name. If you choose one which is on the public suffix list, you won’t have rate limit issues when requesting a Let’s Encrypt certificate.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.