
I am developing a website for LAN usage. This website needs to use SSL. I am using a .lan domain name to access it from other PCs. However, this domain name is not accepted by Let’s Encrypt as it is not a public domain name. I’ve read about adding the certificate as a trusted certificate, but I prefer not to use this option, since that would mean I would need to add it to all PCs on the local network.

Now I am getting the ERR_CERT_AUTHORITY_INVALID warning before I can enter the page from a different PC on the network. Is there a way to avoid this error or for Let’s Encrypt to accept my local domain?

2 Answers


  1. If you are using a self-signed certificate or a self-signed CA, then the only way to avoid the ERR_CERT_AUTHORITY_INVALID error is to have your certificate/CA installed as a trusted issuer. This is pretty typical and can be done by the domain controller.

    Public Certificate Authorities cannot issue certificates to private domains.

  2. No, there is no way to do this, at least not for free.

    Let’s Encrypt can’t verify you own the domain because, well, it does not really exist. But this is one of the steps of how they get you a certificate.

    If you added a self-signed cert to your website, all computers on the LAN must trust your CA, which, as you described, is not wanted behaviour.

    You could just stick to an HTTP-only website, but, for one, some browsers would warn your users about this page because it is not secure, and it would be possible for other users on the same network to see passwords and other personal information when they communicate with the website.

    Two things you could try are:

    1. You could try to get a cert from a “normal” CA. You would pay them to do this, so maybe they can help you with a cert for a .lan domain. But I’m not so sure about that.
    2. You could get a real domain for the service and only put it on the net every so often, so you could use a Let’s Encrypt cert. Maybe a subdomain would be sufficient for this? That way you won’t need a new domain if you own some already. If this is in a company / institute context, maybe you could use a subdomain of your company / institution website?
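The private-CA route that both answers describe, as an added example that is not part of either answer: it creates a root CA, issues a server certificate for a .lan name, and checks that the certificate validates only against that CA. The host name `app.lan`, the CA name, the file names and the function names are assumptions made for illustration; the script needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example: private CA for a LAN-only name. All names are placeholders.
# make_lan_cert DIR HOST: create a root CA and a server certificate for HOST.
make_lan_cert() {
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    # Config for the root CA: marked as a CA, allowed to sign certificates.
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example LAN Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Server extensions: browsers match the host name against subjectAltName.
    cat > "$dir/server.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # 1. Root CA key and self-signed certificate (ca.key never goes on the web server).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. Server key and signing request (config reused only for its [req] defaults).
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" -subj "/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # 3. The CA signs the request, adding the SAN and usage extensions.
    openssl x509 -req -sha256 -days 90 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null || return 1
}

# chain_ok CAFILE CERT: succeeds only if CERT chains to the CA in CAFILE.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# host_ok CERT HOST: succeeds only if CERT is valid for HOST.
host_ok() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}
```

Only `ca.crt` is distributed to the client PCs as a trusted issuer; a client that does not have it fails the chain check, which is what the browser reports as ERR_CERT_AUTHORITY_INVALID.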