Using letsencrypt with private DNS


How can letsencrypt be used in split-horizon DNS setup?

I have a subdomain that is not available from the internet. The IP of the associated machine is also in a private VPC on Amazon. I’ve tried assigning a public IP to that machine and running the letsencrypt script from there, but I don’t think that will work since my domain is still not publicly available.

This may have been asked before, but I would appreciate any guidance or suggestions.


I’d have thought the easiest way was to use the DNS challenge (rather than the HTTP challenge). With the DNS challenge you need to display a given token in the DNS rather than on a web page.

Currently only some of the alternate clients support this (I know all the bash ones do). However, I think the official client is also very close to supporting this challenge.
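The DNS challenge described in the reply above, as an added example that is not from the original thread: it derives the `_acme-challenge` TXT record a CA expects (key authorization per RFC 8555, account-key thumbprint per RFC 7638) and shows the comparison the validator performs against the *public* zone. The account key, token and domain are constructed sample values, not real ones.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as ACME requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: hash only the required public members, keys sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


def dns01_record(domain: str, token: str, account_jwk: dict):
    """Return (record name, TXT value) for the dns-01 challenge (RFC 8555 section 8.4).

    The CA resolves this name through public DNS, so in a split-horizon setup the
    TXT record goes in the public zone even though the host's A record stays private.
    """
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    value = b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())
    return f"_acme-challenge.{domain}.", value


def ca_would_accept(published_txt: str, domain: str, token: str, account_jwk: dict) -> bool:
    """Mirror of the validator's check: recompute the expected value and compare."""
    _, expected = dns01_record(domain, token, account_jwk)
    return published_txt == expected


# Constructed sample values only; "use" is a non-required member and must not
# influence the thumbprint.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "sample-modulus-not-a-real-key", "use": "sig"}
SAMPLE_TOKEN = "sample-token-issued-by-the-ca"
SAMPLE_DOMAIN = "internal.example.com"

if __name__ == "__main__":
    name, txt = dns01_record(SAMPLE_DOMAIN, SAMPLE_TOKEN, SAMPLE_JWK)
    print(f"{name} IN TXT \"{txt}\"")
```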


As @serverco says, the DNS challenge will work. Remember that, once issued, your certificates will be publicly logged, so your DNS names will become public.

