Let's Encrypt Intranet

Let’s Encrypt (LE) has been a popular choice for getting certs for public websites because it’s free and automated. But how do you get certs for private websites, which are common in a company’s intranet?

Problem

  • There’s a web app in your company’s intranet.
  • The web app has a fully qualified domain name (FQDN), e.g. foo.example.com, not an internal one like foo.internal.
  • It only resolves to a private IP behind a VPN. Therefore, it’s inaccessible without a valid VPN connection.
  • You want to add an extra layer of security by enabling HTTPS.

How do you get a cert for it? And how do you automate the process and get it for free?


Let's Encrypt Nginx

Update [2017 Aug 5]: Certbot has been developed by EFF and others as an easy-to-use automatic client that fetches and deploys SSL/TLS certificates. I would recommend using it.

Why

Since you are here, you probably know what Let’s Encrypt is and why it exists. If not, below is an executive summary (copied from here):

Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate can be. Let’s Encrypt automates away the pain and lets site operators turn on and manage HTTPS with simple commands.
