DigiNews

Tech Watch by Johan Denoyer

← Back to articles

TLS certificates for internal services done right

Quality: 8/10 Relevance: 9/10

Summary

This article outlines a practical method for provisioning TLS certificates for internal services using split-horizon DNS, a VPN DNS resolver (NetBird), an ACME client (acme.sh) with Let’s Encrypt, and an nginx-based reverse proxy with a WAF. It explains why private TLDs like .internal are problematic, and shows a concrete, code-based approach to issuing and renewing certificates and wiring DNS so internal services remain secure and accessible.

🚀 Service construit par Johan Denoyer