I'm trying to use existing LE certs with a server on my LAN. I exposed port 443 to get the certs for mine.example.com, and HTTPS access works fine from the WAN.
However, I assumed (perhaps foolishly) that I might be able to use the same certs internally by setting up DNS redirection (using dnsmasq on a separate box) on my LAN to point mine.example.com to the local IP.
Redirection works fine and points local machines to the internal IP when I go to mine.example.com, but the certs now show 'Certificate Authority Invalid' errors.
Perhaps I misunderstand how the CA process works, but I assumed that, since LE certs are DNS-based, they should still work with local DNS redirection.
Does anyone know how to make this work?
Or can anyone explain why it doesn't work?
I know I can get different certs for local machines from LE, but that would mean trying to configure the server to use different certs for internal and external access. Assuming I need to do this, is there an easy way to use different certs depending on source traffic?
I'll be serving web content through nginx and also a Webmin admin panel, so it may be relatively easy to do for nginx given the flexibility in the configs (although Google hasn't been too helpful here either), but I'm not sure about other web services running on the machine.
P.S. Sorry if this turns out to be a duplicate, but I couldn't find anything with a lot of searching here (or on the Googles).