Using letsecrypt in Company

Good evening all,

is it possible to use letsencrypt inside a small company (domain) for a intranet Site?
The site is not availible from Internet just in company domain.

Thanks in advance and best regards

2 Likes

Yes, it possible. Probably, since you do not want to allow inbound HTTP access to your web server sitting on your intranet, you must fulfill DNS-01 challenge instead of HTTP-01 for that domain name.

3 Likes

In addition to what @bruncsak said, you must still use a real, unique domain that you own (or at least control) for your intranet machines.

3 Likes

Hello and thx for answer and also sry for my reply.
I tried today but have the problem to connect to a acme server.
[EROR] Unable to connect to ACME server
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure...

I search in internet and find some sites but dont find a solution.
Can some one help me to solve this issue on a Win2019 machine pls.

Thanks in advance and have a nice day

1 Like

Hello all,

I get the following error if I start the win-acme (wacs.exe) to use letsencrypt .
I search in internet and find some sites but dont find a solution probably because of my bad english.
Can some one help me to solve this issue on a new installed Win2019 machine pls.

[EROR] Unable to connect to ACME server
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure...

Thanks in advance and have a nice day

3 Likes

On that Windows 2019 machine, are you able to successfully open https://acme-v02.api.letsencrypt.org in a browser?

3 Likes

Hy _az and thx for your answer.
No i cant open the site.
I tried to put it to trusted sites and its also not open.

Any ideas?
Thx in advance

3 Likes

That's pretty weird! Sounds like something is wrong with the Trusted Roots on that server.

They usually get updated via Windows Update, is this server fully patched?

You might be able to manually download the "TrustID X3" root from https://www.identrust.com/support/downloads and install it to your server's trust store. But it's probably a better idea to try fix this via Windows Update or whatever.

3 Likes

Are you in a country, or on an ISP, that is banning access to LE?
Do your DNS servers resolve other sites?

2 Likes

Hello,

the server is or was full patched and there is no more updates availible.
I will try tomorrow with manually downloading "TrusID X3" and let you know.

@rg305
I dont think so because nslookup show me an intern address and
with tracert i got 13 hops and from the 13 are the 1 Hop and 5-11 Hops with the msg Request timed out.
Tested-Url: acme-v02.api.letsencrypt.org

Thanks and gd night

3 Likes

You could do a very basic connectivity tests with:
telnet acme-v02.api.letsencrypt.org 80
telnet acme-v02.api.letsencrypt.org 443

If they are successful, then it is most likely the trust issue.

2 Likes

Hello and thx for answer.
I think there is a generally problem with the new installed server.
telnet result:

telnet acme-v02.api.letsencrypt.org 80
Connecting To acme-v02.api.letsencrypt.org...Could not open connection to the host, on port 80: Connect failed

Seems like that I must try to solve the problem 1st and then trying again with letsencrypt :frowning:

@griffin
sry I'm new here and cant find how to merge 2 topics. Can you do it or explain me pls.

Thx in advance and beste regards

3 Likes

The merge request was directed at site moderators (you don't need to do anything):
image

2 Likes

No worries my friend. :slightly_smiling_face: We just like to keep things tidy and reduce duplication and splitting attention.

@JamesLE

Thanks James! :slightly_smiling_face:

1 Like

FYI for everyone helping:

2 Likes

What about on port 443?
telnet acme-v02.api.letsencrypt.org 443

[don't be shy - get involved and be heard - start with: if you see something you like, then like it :heart:]

2 Likes