Private CAs for Internal Certs
This cluster focuses on recommendations to use private or self-signed Certificate Authorities for internal servers and domains, as alternatives to public CAs like Let's Encrypt, which don't support non-public domains.
Sample Comments
Couldn't you just set up a Private CA since you'd have to customize things anyways?
Using an external service as a way of setting up internal-only certificates? No thanks.
I don't see why anyone wouldn't issue certificates from a private CA for this use case.
Self-signed internal CA for private use all day + mandatory client certs. Internal approved CA for business. Never see a need to change this. This Let's Encrypt stuff is faddish to me.
You can solve this by setting up your own Certificate Authority.
You could run your own CA if everyone trusts you. Or you could set up DNS which is probably a better idea.
Any reason you can't get a cert for those machines as if they were going to be https hosts, and use that?
Pre-LE you'd use another authority that provided wildcard certificates. That's what they're for after all, why would you want to hack your way around them?
You can use a public CA like Let's Encrypt then. Exposes you to the certificate log but you should be secured already anyways. Just have to use the DNS challenge (unless you wanna poke a hole for certbot) to grab it.
Is there a reason they didn't just use a wildcard certificate - wouldn't that make this so much simpler?