30 May
2020
30 May
'20
5:07 p.m.
Hi,
Sadly it is not always possible what with the large
range of devices
that use certs. Things that aren't "real hosts" like IPMI/BMC,
firewall and loadbalancer appliances for example, can restrict you
to a manual process.
You should be able to get a Lets Encrypt certificate for such devices, even
if they have private IP addresses, provided they have names in the Global
DNS.
The DNS-01 protocol (rather than HTTP-01) will allow you to prove the
ownership of those names with DNS records.
Then it's "just" a question of working out how to upload those certificates
in a more-or-less automated way to the devices themselves...
Best wishes,
@ndy
--
andyjpb(a)ashurst.eu.org
http://www.ashurst.eu.org/
0x7EBA75FF