mvs

Reputation: 33

How to avoid a self-signed SSL warning on a LAN website?

I am developing a website for LAN usage. This website needs to use SSL. I am using a .lan domain name to access it from other PCs. However, this domain name is not accepted by Let's Encrypt as it is not a public domain name. I've read about adding the certificate as a trusted certificate, but I prefer not to use this option, since that would mean I would need to add it to all PCs on the local network.

Now I am getting the ERR_CERT_AUTHORITY_INVALID warning before I can enter the page from a different PC on the network. Is there a way to avoid this error or for Let's Encrypt to accept my local domain?

Upvotes: 1

Views: 4802

Answers (2)

DerMolly

Reputation: 464

No, there is no way to do this, at least not for free.

Let's Encrypt can't verify you own the domain because, well, it does not really exist. But this is one of the steps of how they get you a certificate.

If you added a self-signed cert to your website, all computers on the LAN must trust your CA; as you described, this is not wanted behaviour.

You could just stick to an HTTP-only website, but for one, some browsers would warn your users about this page because it is not secure, and it would be possible for other users on the same network to see passwords and other personal information when they communicate with the website.

Two things you could try are:

  1. You could try to get a cert from a "normal" CA. You would pay them to do this, so maybe they can help you with a cert for a .lan domain. But I'm not so sure about that.
  2. You could get a real domain for the service and only put it on the net every so often, so you could use a Let's Encrypt cert. Maybe a subdomain would be sufficient for this? That way you won't need a new domain if you own some already. If this is in a company / institute context, maybe you could use a subdomain of your company / institution website?

Upvotes: 2

jbppsu

Reputation: 158

If you are using a self-signed certificate or a self-signed CA, then the only way to avoid the ERR_CERT_AUTHORITY_INVALID error is to have your certificate/CA installed as a trusted issuer. This is pretty typical and can be done by the domain controller.

Public Certificate Authorities cannot issue certificates to private domains.

Upvotes: 1
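
The trust relationship the answers above describe, as an added example that is not part of either answer: a private CA signs a server certificate for a LAN-only name, and chain validation passes only for a client that has that CA as a trust anchor. The host name `intranet.lan`, the CA name and the file layout are constructed placeholders, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example: private CA for a LAN-only name. HOST and the CA name are
# constructed placeholders; all files are written to a temp directory.
HOST="intranet.lan"
WORK="$(mktemp -d)"

cat > "$WORK/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example LAN Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$HOST
EOF

make_ca() {  # self-signed root: the one certificate clients must trust
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 \
    -config "$WORK/pki.cnf" -extensions v3_ca \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

make_server_cert() {  # CSR for HOST, then signed by the private CA
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/pki.cnf" \
    -subj "/CN=$HOST" -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/srv.csr" -days 365 \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/pki.cnf" -extensions v3_srv \
    -out "$WORK/srv.pem" 2>/dev/null
}

# Client with the CA installed: chain and host name (SAN) both checked.
verify_with_ca() {
  openssl verify -CAfile "$WORK/ca.pem" -verify_hostname "${1:-$HOST}" \
    "$WORK/srv.pem" >/dev/null 2>&1
}

# Client with only its default trust store: unknown issuer, the same
# failure class a browser reports as ERR_CERT_AUTHORITY_INVALID.
verify_without_ca() { openssl verify "$WORK/srv.pem" >/dev/null 2>&1; }

make_ca && make_server_cert
verify_with_ca && echo "CA trusted: certificate accepted for $HOST"
verify_without_ca || echo "CA not trusted: certificate rejected"
```

Only `ca.pem` is distributed to clients; `ca.key` stays with whoever operates the CA.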
