I have a bit of an issue that I want to solve. We have a VM on our internal server where Ubuntu 14.04 is installed. We use that VM to run GitLab for our projects and therefore we want to restrict access by making that server only internally accessible. Our VM can connect to the internet, but is not accessible for services like Let's Encrypt (or users that aren’t connected to our network).
That server has an internal IP and we can access GitLab via local DNS which resolves git.domain.com to that IP. I wanna create an SSL for that subdomain, so we can access that via https. We own domain.com, but the records of that domain point to an external (other) webserver.
We could use the DNS-01 verification, but that would mean that we need to change the DNS record every 90 days to manually renew the certificate. The other validation methods require that our server is connected to the web. Can I create a DNS record for our server that points to a reachable server and somehow use that to validate our internal server? Or a better way to use https for our GitLab?
My web server is (include version):
GitLab uses nginx
The operating system my web server runs on is (include version):
Ubuntu 14.04 LTS 64-bit
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes