VMware Internal Servers

enterprise · June 13, 2019, 10:45pm

Hello,

I’m not sure if this has been answered before but all the posts I’ve seen so far are not quite similar to the issue I have.

I’ve got a domain that I use for all my internal VMs and VMware infrastructure machines (ESXi hosts and vCenter). The domain is local.domain.com. domain.com is a public registered domain. I’ve got a public DNS server built with BIND and I’m wondering how I can get a LE certificate for my server esxi.local.domain.com

Please, can someone point me in the right direction?

Thank you.

JuergenAuer · June 14, 2019, 7:55am

Hi @enterprise

if you have a public visible domain, then you should be able to create certificates.

Start with the basics

then select a client.

You may use dns-01 validation. Perhaps check acme.sh.

enterprise · June 14, 2019, 10:42am

Hi @JuergenAuer

Thanks for the reply.

I guess my issue is that local.domain.com is not visible on the internet only domain.com is.
The FQDN of the machine I want a certificate for is esxi-01.local.domain.com and I am not sure how to make it visible on the internet. I guess this is not in your purview but I’d appreciate any pointers.

P.S domain.com is configured on a BIND server.

Cheers

JuergenAuer · June 14, 2019, 10:47am

There is no A-record required if you use dns-01 validation.

Only a DNS TXT entry (_acme-challenge.local.domain.com) is required.

That entry must be public visible.

enterprise · June 14, 2019, 8:59pm

Oh thanks. Does this mean creating a DNS TXT entry on the zone file for domain.com?

JuergenAuer · June 14, 2019, 9:11pm

Yes. Please check

rmbolger · June 14, 2019, 9:15pm

Yes. Using your example…if the public DNS only has a domain.com zone and no local.domain.com sub-zone, your TXT record would end up being _acme-challenge.esxi.local in the domain.com zone rather than _acme-challenge.esxi in the local.domain.com zone.