Letsencrypt certificates for intranet

tsilva · March 9, 2023, 3:40pm

SYSTEM INFORMATION
OS type and version	Debian Linux 12.0
Webmin version	2.013
Virtualmin version	7.5
Usermin version	1.861

I’m trying to figure out the best way to get the letsEncrypt certificates through DNS challenge working because only the VPN port will be open to allow access to internal network.

The idea is to have sub-servers to each sub-domain/services and respective BIND zones working to resolve them after a VPN connection.
There is also a route53 NS to resolve external sub-domains likevpn.domain.com and www.domain.com (located on another server)

So as far as I can check virtualmin letsEncrypt DNS challenge will use BIND to get the respective IP address that will never be reached by letsEncrypt.

I know that running the following command will successfully receive a certificate:

certbot certonly --dns-route53 -d cloud.domain.com

So I’m kind stalled here to understand what’s the best option.

If there is a better approach using only webmin/virtualmin
prepare an external script to replace virtualmin certificates with ones already received

Suggestions are well appreciated

Joe · March 10, 2023, 1:49am

Virtualmin supports Route 53 hosted DNS, and if Virtualmin is managing DNS, it can make DNS validated requests. I’m pretty sure Route 53 support is in GPL (while all the other cloud DNS providers are only in Pro), but maybe I’m wrong about that. It’d be in Addresses and Networking->Cloud DNS Providers, if so.

system · March 18, 2023, 1:49am

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.