1

I tried to install Let's Encrypt on my local server. But I could not because it threw errors that I need a fully qualified domain name (FQDN). I use server.arch.local as my hostname. Does it not comply as a FQDN? Now I have started to wonder whether SSL certificates can be used on a locally hosted website. If anybody can clear my doubts or show me where to look for details about it I would be greatful.

Just Khaithang
  • 113
  • 1
  • 6

2 Answers2

6

I would split it to two separate questions...

  • Can a SSL certificate be used on locally hosted website

Yes, SSL certificate can be used on locally hosted website. From technical point of view it make no difference if it is locally or not.

  • FQDN

server.arch.local fulfil technical requirements for FQDN but once there is publicly trusted CA they can't provide certificate which would point to the domain which is not "public" in the meaning of "." chain for DNS system. It is related to subject (CN) and also to the SAN (Subject Alt Name). This limitation is not related only to Let's Encrypt but let say general requirements.

How to make it work

public domain

You can buy any (feel free to pick up based on price) public domain and then you can get publicly strusted cert

own cert

  • self sign single cert

In case you will have just this one server you can easily do own self signed cert just the users will have to explicitly set trust on it. You can search some how to how to do it or if you want to have just something to test you can try

openssl req -newkey rsa:2048 -x509 -subj "/CN=server.arch.local" -keyout /tmp/server-key.pem -out /tmp/server-cert.pem -days 3650 -nodes

This "simple" certificate does not have SAN nor x509 extension but as it is self sign it would be anyway explicitly set as trusted manually. It will be accepted by the server.

  • self signed CA

In case you would like to have more servers you can create self signed CA which would be set as trust by the users manually and then you can generate cert for each server you will do. For this option there you have to do it properly on level of x509 extensions to have it trusted in the CA chain. It is not so complicated but for that there is not "one line" example ;-).

Kamil J
  • 1,632
  • 1
  • 5
  • 10
4

SSL certificates can be used in a locally hosted website (I guess that means hosted on your own machines), there's really no difference with websites hosted elsewhere.

You can't however get a Let's Encrypt certificate for a domain you don't own. As you don't own server.arch.local you might want to use instead self-signed certificates with your own local CA.

Pedro Perez
  • 6,202
  • 1
  • 11
  • 11