Skip to content
/ intercert Public

Use Let's Encrypt on private (LAN) servers using DNS validation

License

MIT license
74 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

evenh/intercert

BranchesTags

Repository files navigation

intercert Build Status Go Report Card

Brings Let's Encrypt to LAN and other locked down environments.

This is a work in progress (unstable). Contributions are very welcome!

How it works

  1. A server instance is running somewhere in your network infrastructure, with network access to your DNS provider of choice and the ACME directory you'll want to use (Let's Encrypt most likely).
    The server is configured with the DNS names you control (e.g. somecompany.io and other.co).
  2. Clients are deployed on the machines where you need the certificates for your applications.
  3. Certificates magically appear on the client machine in the directory you've configured.

Deployment diagram

                                                                                        
                                             LAN                                        
  +------------------------------------------------------------------------------------+
  |                                                                                    |
  |                                                                                    |
  |                                                                                    |
  |                     Server 1                                                       |
  |  +--------------------------------------------+                                    |
  |  |                                            |                                    |
  |  | my-db.somecompany.io                       |                                    |
  |  |  app1.somecompany.io   intercert (client)  |                                    |
  |  |  app2.somecompany.io                       |          +-----------------------+ |
  |  +--------------------------------------------+----------|                       | |
  |                                                          |                       | |
  |                     Server N                             |   intercert (server)  | |
  |  +--------------------------------------------+----------|                       | |
  |  |                                            |          +-----------------------+ |
  |  | redis.somecompany.io                       |           /                   |    |
  |  |    intranet.other.co   intercert (client)  |          /                    |    |
  |  |                                            |         /                     |    |
  |  +--------------------------------------------+        /                      |    |
  |                                                       /                       |    |
  +------------------------------------------------------/------------------------|----+
                                      +------------------        +----------------|-+   
                                      |                 |        |                  |   
                                      |   DNS-provider  |        |   ACME provider  |   
                                      |                 |        |                  |   
                                      +-----------------+        +------------------+

Thanks

A huge thanks to these projects

  • certmagic - does the hard work for intercert
  • lego - the underpinning library for certmagic, and provides the DNS validation capability

About

Use Let's Encrypt on private (LAN) servers using DNS validation

Topics

dns letsencrypt acme internal-network

Resources

Readme

License

MIT license
Activity

Stars

74 stars

Watchers

3 watching

Forks

6 forks
Report repository

Releases

2 tags

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages