Hey everyone! I'm looking for some insights on using Let's Encrypt certificates specifically for a Network Policy Server (NPS). I've heard that Let's Encrypt doesn't provide certificates for internal resources, but I'm wondering if there's a workaround for this. I'd like to try it out for my home WiFi as a proof of concept for work. Currently, I'm working with a UDMPro and a UniFi AP 7 Access Point, and I'm aiming to connect them to a Server 2025 Domain Controller. Any thoughts or experiences would be greatly appreciated!
5 Answers
I bought a cheap domain and used DNS API with Cloudflare for my media server. I managed to automate the cert process for wildcard certs. Just ensure that your system refreshes at least weekly to catch updates; I found a way to do this through Ansible, so that might help too! Good luck!
Yeah, I've looked into this! Just to clarify, Let's Encrypt certificates aren't just for external domains. If you're using HTTP validation, you have other options for proving ownership. Check with your DNS provider for API integration; it can help automate the setup and renewals. You can definitely make it work with some clever scripting!
It’s definitely doable if you get a domain for internal use. I use the DNS challenge method with the Cloudflare Certbot plugin and it works well. Just remember to automate the cert retrieval and installation process.
You can absolutely do this, but it requires a bit of setup. I found some GitHub scripts that can help automate cert renewals with Let's Encrypt for NPS. You'll want those scripts since the certs expire every 90 days!
Just a heads-up: Let's Encrypt is changing their policies soon, and they may stop issuing certain types of certificates. This might affect how well NPS can authenticate. Setting up your own internal PKI might be the long-term solution here, especially if you need consistent functionality.
Right! But just to add, they really do need the public domain for external verification. So, you can’t get a cert for something like home.local.
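The approach the answers above describe (a public domain you control, the DNS-01 challenge through a DNS provider API, and a scheduled renewal that re-installs the certificate) as one worked script. This is an added example, not code from the thread or from any of the GitHub scripts mentioned; it assumes the Posh-ACME module with its Cloudflare plugin, a zone `example.com` hosted at Cloudflare with an API token scoped to DNS edit on that zone only, a hypothetical NPS hostname `radius.example.com`, and an elevated PowerShell session on the NPS server.

```powershell
# Added example (not from the thread): issue and renew a Let's Encrypt
# certificate for an NPS server using the DNS-01 challenge via Posh-ACME.
# Assumptions (not in the original thread):
#   - Posh-ACME is installed (Install-Module Posh-ACME).
#   - You control the public zone example.com at Cloudflare and have an API token
#     limited to DNS:Edit on that one zone (a key scoped to the whole account
#     would let a leaked token alter every domain you own).
#   - radius.example.com is the NPS server. It needs no public A record and no
#     inbound port 80: DNS-01 only proves control of the zone's TXT records,
#     which is why a public name works even though the host is internal.
#     A name like home.local can never validate, because no public zone exists.
#   - Run elevated on the NPS server so -Install can write to LocalMachine\My.

param(
    [string]$Hostname = 'radius.example.com',   # assumed hostname
    [string]$Contact  = 'admin@example.com'     # assumed contact address
)

Import-Module Posh-ACME

# Read the Cloudflare token from the environment rather than hard-coding it.
$token = $env:CF_DNS_TOKEN
if (-not $token) { throw 'Set CF_DNS_TOKEN to a Cloudflare API token scoped to DNS:Edit.' }
$pluginArgs = @{ CFToken = (ConvertTo-SecureString $token -AsPlainText -Force) }

# Use LE_STAGE while testing; the production endpoint has rate limits.
Set-PAServer LE_PROD

$existing = Get-PACertificate -MainDomain $Hostname -ErrorAction SilentlyContinue
if (-not $existing) {
    # First issuance: Posh-ACME creates the _acme-challenge TXT record, waits for
    # validation, removes the record, and installs cert + key into LocalMachine\My.
    $cert = New-PACertificate -Domain $Hostname -Contact $Contact -AcceptTOS `
        -Plugin Cloudflare -PluginArgs $pluginArgs -Install
} else {
    # Scheduled run (a weekly task is enough for a 90-day certificate):
    # Submit-Renewal only renews inside the renewal window and re-installs
    # into the store when it does.
    $cert = Submit-Renewal -MainDomain $Hostname
    if (-not $cert) {
        Write-Host "Certificate for $Hostname is not yet due for renewal."
        exit 0
    }
}

Write-Host "Issued $($cert.Subject), thumbprint $($cert.Thumbprint), expires $($cert.NotAfter)"
# Remaining step: point the PEAP / EAP-TLS setting of the NPS network policy at
# this thumbprint. NPS keeps referencing the old certificate until that is
# updated, which is the part the renewal scripts in the thread exist to automate.
```

Two things to keep in mind with this setup. Every Let's Encrypt issuance is written to public Certificate Transparency logs, so the RADIUS server's hostname becomes discoverable even though the host itself stays internal; pick a name you are comfortable publishing. And the certificate only protects the Wi-Fi handshake if the supplicants validate it: configure clients to check the server name and the issuing CA rather than accepting any certificate.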