Custom ACME, local internal domain

Hi,

we just wanted to try out Certify the Web and found out that it doesn’t like local domains.
As we are using our own ACME server (step-ca by smallstep), we can deploy certificates for our internal domains.
Unfortunately Certify the Web says: “One or more domains specified are internal hostnames. Certificates for internal host names are not supported by the Certificate Authority”. Well, in our case it works just fine. We like the GUI and the features of Certify the Web. Is there any chance to add a checkbox for custom Certficate Authorities to allow local (any) host name?

Best regards

Thanks, yes that’s a really good point. We should just make this a setting on the CA config to allow internal hostnames. We’ll get something into the next update.

Ok, if you like you can try this patch:
https://certifytheweb.s3.us-east-1.amazonaws.com/downloads/test/CA_Config_Patch.zip

You would need to extract the files then copy them into the C:\Program Files\ CertifyTheWeb folder overwriting the existing few files, then edit your C:\ProgramData\ca.json to add "AllowInternalHostnames": true to your CA config. Then, restart the Certify service and the UI.

I really appreciate your fast help. I did as you said. Replaced the 4 files from the zip-file (they were from 7th of September, is that correct?), changed the config, restarted the service and the GUI but it still says that local hostnames are not allowed.

Oops, sorry, I was so fast I didn’t wait long enough for the correct files to update. I’ve re-uploaded that patch now for you to try.

Thank you very much. It works. I was able to get a certificate for a host in our internal domain.
Great support!

1 Like

Awesome, thanks for testing, the fix will also be included in the next update.