[SOLVED] ACME Certificate Can't Add Subject Alternative Names?

hypercell

Nov 16, 2022
I was able to successfully get a Let's Encrypt cert for my PVE box, using the domain: PVE.domain.com, but I am only able to access the server as such. If I connect to the server locally at https://PVE:8006/, I get an err_cert_common_name_invalid error in Chrome. Is there any way to add SANs to the ACME generated certificate?
 
To my understanding, no, you won't be able to get an ACME certificate for a local-only name. ACME uses challenges to verify that the party asking for the certificate actually controls the entity it is trying to acquire a certificate for. The best you can try to do is to have ACME issue you a wildcard certificate through a DNS challenge [1]. Then you could use that certificate to authenticate a subdomain that gets resolved by your local DNS server only.

At least I don't know how you'd give an ACME provider access to your local network and still have the same security guarantees.

[1]: https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
 
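Why the short name fails and what a wildcard certificate would and would not cover, as an added example that is not part of the original posts: a simplified dNSName matcher in the style browsers apply to a certificate's SAN list. The hostnames are constructed from the thread's placeholder domain; partial-label wildcards and IP address SANs are out of scope for this sketch.

```python
# Added illustration: does a certificate's SAN list cover the name in the URL?
# Simplified RFC 6125-style matching; all hostnames are constructed samples.

def san_matches(hostname: str, san: str) -> bool:
    """Return True if one dNSName SAN entry covers the hostname."""
    host = hostname.rstrip(".").lower().split(".")
    pattern = san.rstrip(".").lower().split(".")
    if len(host) != len(pattern):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if pattern[0] == "*":
        # Only a whole left-most-label wildcard is handled here. Refusing
        # patterns like "*.com" is a conservative choice in this sketch.
        if len(pattern) < 3:
            return False
        return host[0] != "" and host[1:] == pattern[1:]
    return host == pattern


def cert_covers(hostname: str, sans: list[str]) -> bool:
    """Return True if any SAN entry covers the hostname."""
    return any(san_matches(hostname, s) for s in sans)


if __name__ == "__main__":
    # Constructed SAN lists: the single-name cert from the question and the
    # wildcard cert suggested in the answer.
    certs = {
        "single-name": ["pve.domain.com"],
        "wildcard": ["*.domain.com"],
    }
    # Names a browser might be pointed at.
    names = ["PVE", "PVE.domain.com", "other.domain.com", "a.pve.domain.com"]
    for label, sans in certs.items():
        for name in names:
            verdict = "ok" if cert_covers(name, sans) else "name mismatch"
            print(f"{label:12} {name:20} {verdict}")
```

Neither certificate covers the bare name PVE, so the browser has to be pointed at a fully qualified name under the domain, resolved by the local DNS server.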