Replies: 4 comments
-
Hello,
I’m getting ready to do this as well, so I’m very interested in this thread.
This isn’t an entire solution, but I think the trick involves buying a domain that Let’s Encrypt can actually work with, and using that domain internally only, without any exposure to the internet.
Jeff Geerling (see YouTube) has a .li domain he purchased that he uses for internal addressing.
…I just don’t understand how to do it yet.
On Nov 7, 2023, at 4:04 AM, Fizzy77 wrote:
I'm trying to get this up for the first time and had no problems for sites I am exposing publicly, with public DNS etc.
I would like to also use internal for services I am not exposing publicly but get an "internal error". I am assuming this is because the subdomain I am using can't be resolved by Let's Encrypt? If I'm reading the below warning correctly...
⚠ warning Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-31" --agree-tos --authenticator webroot --email "" --preferred-challenges "dns,http" --domains "**"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
-
I have my own domain. I am split-horizoning it. So my home LAN has its own DNS servers and entries for the resources I have but pointing to local IPs. My public DNS points to my public IP. I would like to be able to use my LAN DNS only for some resources that I do not intend to make available outside the LAN.
-
I think I now understand that this isn't possible with LE as they can't verify the server etc. Which makes sense. So a self-signed cert or setting up my own CA for internal certs is the solution.
-
Well, it actually is possible, depending on your needs. The most secure way to do it would probably be to use a DNS plugin which you connect to your domain provider's API. You can also do this with Port 80 or Port 443 verification, but you have to be more careful not to accidentally expose any services you want to use internally.