TLS certificate for Tailscale

craigmyco · August 4, 2025, 9:11am

Tailscale is telling me I need a TLS certificate for my VPN which comes with a domain name, but I don’t know how to do that since I’m used to VPN clients with downloadable certificates on their website. I was directed to Let’s encrypt which then directed me to Certbot. Which I have no idea how to use either of these methods. I should also add that I’m strictly using iOS, which comes with zero CLI support for pretty much all platforms. So any help directing me to a place where I can simply download a TLS certificate for iOS, would be of great help. Thanks

danb35 · August 4, 2025, 9:23am

I think you're quite badly misunderstanding what Tailscale is telling you. What is it you're trying to accomplish, exactly?

craigmyco · August 4, 2025, 9:51am

I think I’m misunderstanding it as well. Although when I signed up for Mullvad, NextDNS and Quad9 they all came with downloadable HTTPS and TLS root certificates that I had to manually trust as well as enable in my VPN management section. But Tailscale doesn’t come with that. But Tailscale does come with a custom domain name. So maybe I’m conflating/confusing a few things here (please forgive my lack of understanding), but I’m just trying to make sure I’m configured correctly, and that I’m not going to get booted from using it

Osiris · August 4, 2025, 9:55am

What does this even mean?

Are we talking about a VPN client of a VPN server that you're trying to set up?

Also, why is this thread posted in Issuance Policy? How is your question related to "policy decisions related to the issuance and renewal of certificates"?

danb35 · August 4, 2025, 10:02am

Tailscale does "magic DNS," where it sets up a subdomain of ts.net for you. Thus, if you want to run a server on your "tailnet," as they call it, you can address it as (say) immich.fruity-cereal.ts.net. But I think TS ordinarily takes care of the certificates itself.

That's correct; Tailscale is an entirely different VPN technology, and authentication is likewise completely different. No certificates are involved.

You definitely don't need to bring your own certificate to use Tailscale.

craigmyco · August 4, 2025, 10:23am

Damn bro, I just said that I’m new to all of this, so a little understanding/patience would be appreciated. Also, I attempted to change the topic almost immediately after I posted it because I realized it was the wrong category. Anyways, if you all are saying I don’t need a certificate for my VPN configuration then that’s all I need to know.

craigmyco · August 4, 2025, 10:28am

Thank you. That’s all I really needed to know. Now I can move on.

system · September 3, 2025, 10:28am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Fail to get certificate using tailscale Help	3	579	July 27, 2024
Tailscale certificates Help	20	5837	June 28, 2023
Certificate request fails (DNS-01: zone not found) with tailscale enabled with identical search domain Help	2	159	May 16, 2025
Need help with tailscale and Certbot standalone for new cert Help	30	967	November 3, 2023
How to get certificate and private key for desktop application using TLS protocol for secure communication Help	7	795	August 1, 2021

TLS certificate for Tailscale

Related topics