Sorry this is a day late, but how do you get certificates for internal services? Do you manually trust them on each client? Or do you have a wildcard cert from a public server? Is there some cleaner way to manage internal HTTPS?
I resolve internal services as subdomains of a domain I own. I use a wildcard I get assigned on an EC2. I script an sftp upload of the a new cert every renewal to my main internal machine where it is shared via nfs. This is the simplest way I've found.
