Hacker News
by makeitdouble 1562 days ago
Looking at guides for LetsEncrypt on internal IPs/domains, it seems to be as painful as creating and managing your own CA: https://geontech.com/using-letsencrypt-ssl-internally/
3 comments

DNS challenge is easy to pass and automate if you can programmatically add TXT records to your DNS zone. Every major cloud provider supports this with command line tools, so it's a matter of moving the DNS zone there and writing a shell script and a cron item in the worst case.
Exactly.

The steps for an intranet or regular domain are exactly the same if you use the DNS challenge, as the web server is no longer involved regardless.

I had a chance to skim through the link you posted - they are doing the HTTP challenge verification (in step 6) for some reason, which involves forwarding their domain into their internal network.

The DNS methods we already mentioned do not involve any of that - just a simple zone file change or a few clicks in a web UI to add a new record.

Can someone productize this as a service, please?