Using letsencrypt with private DNS


#1

How can letsencrypt be used in split-horizon DNS setup?

I have a subdomain that that is not available from the internet. The IP of the associated machine is also in a private VPC on amazon. I’ve tried assigning a public IP to that machine and running the letsencrypt script from there, but I don’t think that will work since my domain is still not publicly available.

This may have been asked before, but I would appreciate any guidance or suggestions.


#2

I’d have thought the easiest way was to use the DNS challenge ( rather than the http challenge). With the DNS challenge you need to display a given token in the DNS rather than on a web page.

Currently only some of the Alternate clients support this ( I know all the bash ones do). However I think the official client is also very close to supporting this challenge.


#3

As @serverco says, the DNS challenge will work. Remember that, once issued, your certificates will be publicly logged, so your DNS names will become public.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.