We just wanted to try out Certify the Web and found out that it doesn’t like local domains.
As we are using our own ACME server (step-ca by smallstep), we can deploy certificates for our internal domains.
Unfortunately, Certify the Web says: “One or more domains specified are internal hostnames. Certificates for internal host names are not supported by the Certificate Authority”. Well, in our case it works just fine. We like the GUI and the features of Certify the Web. Is there any chance to add a checkbox for custom Certificate Authorities to allow local (any) host name?
You would need to extract the files then copy them into the C:\Program Files\CertifyTheWeb folder overwriting the existing few files, then edit your C:\ProgramData\ca.json to add "AllowInternalHostnames": true to your CA config. Then, restart the Certify service and the UI.
I really appreciate your fast help. I did as you said. Replaced the 4 files from the zip-file (they were from 7th of September, is that correct?), changed the config, restarted the service and the GUI but it still says that local hostnames are not allowed.
I have the same issues.
“Certificates for internal host names are not supported by the Certificate Authority”
Unfortunately, the link with the solution to download does not work.
Could you upload it again?
Ok, so you are not using a custom CA, that means you are probably using Let’s Encrypt which does not support internal hostnames for certificates. If you know you want to use a custom internal CA (such as smallstep ca) see Certificate Authorities | Certify The Web Docs
I’m not using a custom CA…
The host I would like to certify is not internal.
Using “win-acme” I have no problem with my host, while “certify” recognizes my host as internal.
“win-acme” also uses “letsencrypt”
Ah, so that sounds like a potential bug - our code checks for hostnames that have no . in the name or which end in .local and classifies these as internal names. If you can give an example hostname that doesn’t work I’m sure we can find the problem.
If I enter the domain as info-ss-as-block-as-info.xxxxxxxx.net it works OK, if I try to add info-ss-as-block-as-info.xxxxxxxx. net it will see this as two domains because of the space in the name and add them as two entries info-ss-as-block-as-info.xxxxxxxx. and net. net would then be interpreted as a local host name.
Please note that domains/hostnames cannot contain a space.
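The behaviour described in the two replies above, as an added example that is not part of the original thread and is not Certify The Web source code: it re-implements the stated heuristic (no "." in the name, or a ".local" suffix) and assumes entries are split on whitespace. The function names are hypothetical, and the sample inputs are constructed from the censored hostname quoted in the thread.

```python
# Added illustration; not Certify The Web source code.
import re


def is_internal_hostname(name: str) -> bool:
    """Heuristic as described in the thread: no '.' in the name, or ends in '.local'."""
    n = name.strip().lower()
    return "." not in n or n.endswith(".local")


def split_entries(raw: str) -> list:
    """Assumption: entries are split on whitespace, as in the space case described above."""
    return [part for part in re.split(r"\s+", raw.strip()) if part]


def classify(raw: str) -> list:
    """Return (entry, flagged_as_internal) for every entry the input splits into."""
    return [(entry, is_internal_hostname(entry)) for entry in split_entries(raw)]


def stray_whitespace(raw: str) -> list:
    """Positions and code points of whitespace inside a pasted name.

    Leading and trailing whitespace is ignored. Python's \\s also matches a
    non-breaking space (U+00A0), which is easy to paste without noticing.
    """
    body = raw.strip()
    return [(m.start(), "U+%04X" % ord(m.group())) for m in re.finditer(r"\s", body)]


if __name__ == "__main__":
    # Constructed sample inputs (the domain is censored exactly as in the thread).
    samples = [
        "info-ss-as-block-as-info.xxxxxxxx.net",       # one public-looking name
        "info-ss-as-block-as-info.xxxxxxxx. net",      # space: splits, "net" is flagged
        "info-ss-as-block-as-info.xxxxxxxx.\u00a0net",  # non-breaking space, same effect
        "intranet",                                    # no dot
        "server.local",                                # .local suffix
    ]
    for s in samples:
        print(repr(s), classify(s), stray_whitespace(s))
```

Running `stray_whitespace` over a name before submitting it shows whether an invisible character is what turns a public hostname into a fragment that the dot check flags.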
No, there is no space before “.net”; it was just a typo here in an attempt to censor my domain.
I don’t want it to be public.
Could it be a problem of maximum characters that the program accepts?
The name I’m trying to validate is this:
“xxxxxxxx.net” is my domain name