On 4/23/23, Patrick O'Callaghan <pocallaghan(a)gmail.com> wrote:
On Mon, 2023-04-24 at 02:36 +0930, Tim via users wrote:
> If you browse to
http://bree.org.uk/ and
https://bree.org.uk/
> do you get the same results?
>
Internally, yes.
If you want a *publicly* trusted certificate the authentication token
from Let's Encrypt or other certificate provider must be made
*publicly* accessible somehow.
For http-01 authentication as used by certbot's apache
auto-configuration and webroot methods your web server must be
publicly accessible on port 80.
For tls-alpn-01 authentication as used by Apache's mod_md module your
web server must be publicly accessible on port 443.
If this is not acceptable consider using dns-01 authentication method
mentioned upthread if your DNS provider has an API or you run your
own, or even a private CA.