Custom ACME, local internal domain

Hi,

we just wanted to try out Certify the Web and found out that it doesn’t like local domains.
As we are using our own ACME server (step-ca by smallstep), we can deploy certificates for our internal domains.
Unfortunately Certify the Web says: “One or more domains specified are internal hostnames. Certificates for internal host names are not supported by the Certificate Authority”. Well, in our case it works just fine. We like the GUI and the features of Certify the Web. Is there any chance to add a checkbox for custom Certificate Authorities to allow local (any) host names?

Best regards

Thanks, yes that’s a really good point. We should just make this a setting on the CA config to allow internal hostnames. We’ll get something into the next update.

Ok, if you like you can try this patch:
https://certifytheweb.s3.us-east-1.amazonaws.com/downloads/test/CA_Config_Patch.zip

You would need to extract the files, then copy them into the C:\Program Files\CertifyTheWeb folder, overwriting the existing few files, then edit your C:\ProgramData\ca.json to add "AllowInternalHostnames": true to your CA config. Then restart the Certify service and the UI.

I really appreciate your fast help. I did as you said. Replaced the 4 files from the zip-file (they were from 7th of September, is that correct?), changed the config, restarted the service and the GUI but it still says that local hostnames are not allowed.

Oops, sorry, I was so fast I didn’t wait long enough for the correct files to update. I’ve re-uploaded that patch now for you to try.

Thank you very much. It works. I was able to get a certificate for a host in our internal domain.
Great support!


Awesome, thanks for testing, the fix will also be included in the next update.

I have the same issues.
“Certificates for internal host names are not supported by the Certificate Authority”
unfortunately the link with the solution to download does not work.
Could you upload it again?
Thanks

That link is no longer current and the latest version should support this functionality. Did you try configuring C:\ProgramData\ca.json to set "AllowInternalHostnames": true ?

Note that you can only use internal hostnames with a custom CA, not public CAs like Let’s Encrypt etc. (they can only validate fully qualified hostnames within a public domain).

Hello and thanks for your reply.
I searched for the file, but couldn’t find it: ca.json

Ok, so you are not using a custom CA, which means you are probably using Let’s Encrypt, which does not support internal hostnames for certificates. If you know you want to use a custom internal CA (such as smallstep ca), see Certificate Authorities | Certify The Web Docs.

I’m not using a custom CA…
The host I would like to certify is not internal.
Using “win-acme” I have no problem with my host, while “certify” recognizes my host as internal.
“win-acme” also uses “letsencrypt”

Hi, what top-level domain are you using? Like .com or .org?


Ah, so that sounds like a potential bug. Our code checks for hostnames that have no “.” in the name or which end in “.local” and classifies these as internal names. If you can give an example hostname that doesn’t work, I’m sure we can find the problem.

I’m using the “.net” TLD

There are no “.” and it does not end with “.local”:
info-ss-as-block-as-info.xxxxxxxx. net

Are you actually leaving a space before net?

If I enter the domain as info-ss-as-block-as-info.xxxxxxxx.net it works OK. If I try to add info-ss-as-block-as-info.xxxxxxxx. net, it will see this as two domains because of the space in the name and add them as two entries: info-ss-as-block-as-info.xxxxxxxx. and net. The entry net would then be interpreted as a local host name.

Please note that domains/hostnames cannot contain a space.

Correct: (screenshot of the domain entered without a space)

Incorrect: (screenshot of the domain entered with a space)
No, there is no space before “.net” it was just a typo here in an attempt to censor my domain.
I don’t want it to be public.
Could it be a problem of maximum characters that the program accepts?
The name I’m trying to validate is this:
info-ss-xxxxxxxx-as-block-as-info.xxxxxxxx.net
“xxxxxxxx.net” is my domain name.

It’s unlikely to be character length. Can you email support {at} certifytheweb.com with details of the problem and the actual real domain to test with? We can then discuss it via email.

OK thanks for the support.