I am developing a website for LAN usage. This website needs to use SSL. I am using a .lan domain name to access it from other PCs. However, this domain name is not accepted by Let’s Encrypt, as it is not a public domain name. I’ve read about adding the certificate as a trusted certificate, but I prefer not to use this option, since that would mean I would need to add it to all PCs on the local network.
Now I am getting the ERR_CERT_AUTHORITY_INVALID warning before I can enter the page from a different PC on the network. Is there a way to avoid this error or for Let’s Encrypt to accept my local domain?
2 Answers
If you are using a self-signed certificate or a self-signed CA, then the only way to avoid the ERR_CERT_AUTHORITY_INVALID error is to have your certificate/CA installed as a trusted issuer. This is pretty typical and can be done by the domain controller. Public Certificate Authorities cannot issue certificates to private domains.
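What the private-CA route in the answer above looks like with the openssl command line, as an added example that is not part of the original answer. The CA name, the host name intranet.lan, the file names and the validity periods are placeholders chosen for illustration.

```shell
#!/bin/sh
# Constructed example: private CA for a LAN plus one server certificate.
# All names (Example LAN Root CA, intranet.lan, file names) are placeholders.

# make_lan_ca DIR: create ca.key / ca.crt, a self-signed root certificate.
make_lan_ca() {
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example LAN Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_lan_cert DIR HOST: key + CSR for HOST, signed by the CA in DIR.
# Browsers match the name against subjectAltName, not the CN.
issue_lan_cert() {
  cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $2
[v3_srv]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
  openssl req -new -newkey rsa:2048 -nodes -config "$1/$2.cnf" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 397 -extfile "$1/$2.cnf" \
    -extensions v3_srv -out "$1/$2.crt" 2>/dev/null
}

# client_trusts CAFILE CERT HOST: succeeds only if CERT chains to CAFILE
# and names HOST; this is the check that fails on a PC without the CA.
client_trusts() {
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}
```

Only ca.crt is distributed to the client PCs; ca.key stays offline, since anyone holding it can issue certificates those PCs will accept.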
No, there is no way to do this, at least not for free.
Let’s Encrypt can’t verify you own the domain, because, well, it does not really exist. But this is one of the steps of how they get you a certificate.
If you added a self-signed cert to your website, all computers on the LAN must trust your CA; as you described, this is not wanted behaviour.
You could just stick to an HTTP-only website, but for one, some browsers would warn your users about this page because it is not secure, and it would be possible for other users on the same network to see passwords and other personal information when they communicate with the website.
Two things you could try are:
You could try to get a cert from a “normal” CA. You would pay them to do this, so maybe they can help you with a cert for a .lan domain. But I’m not so sure about that.