Score:0

Obtain Let's Encrypt SSL Certificate for Internal Server on Internal DNS Server

Joe

I currently run an organization and we use an internal website that is hosted within our network and runs a Gitea server, so that we are able to access important documents without having to rely on a third-party service.

I have already set up a DNS server using MaraDNS that routes to the proper IP address. We also run additional applications on this server (such as an internal REST API) but have currently been relying on self-signed certificates. I do not like the way some browsers and libraries such as libcurl handle these types of certificates, as I am starting to find fixing these errors tedious and a total pain.

I would like to obtain a certificate for my server using the Let's Encrypt service, since the CA is well recognized by browsers and I would not have to pay a fee every time I renew the certificate.

How would I go about obtaining this?

Score:1

Let's Encrypt is intended for public facing services, and does not support entirely internal names not accessible to the global Internet.

The first requirement for obtaining a LE certificate is that the hostname(s) for which you want a certificate must exist, or be able to be created, in the global DNS.

Once that is satisfied, you have two options for challenges: HTTP-01 and DNS-01.

HTTP-01 verifies your control of the hostname by connecting to an HTTP server on port 80 at that name using either IPv6 or IPv4. Obviously the name must have an appropriate address record in the global DNS.

DNS-01 allows you to verify a hostname by setting a specific TXT record in the global DNS. Generally this is automated using an API from a supported DNS provider, but can also be done manually if your global DNS records are not hosted by a supported provider.

It may be possible for you to work around these restrictions and manage to get a certificate, but that depends on many details of your environment which you have not provided. You can give it some thought and perhaps you might find a way to do it.
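Added example, not code from the answer or from Let's Encrypt's own tooling: it computes the TXT value a DNS-01 validation expects (RFC 8555 section 8.4, with the RFC 7638 account-key thumbprint) and checks whether a set of published TXT strings satisfies it, so you can confirm the record is right before asking the CA to validate. The account JWK, the token and the hostname git.example.com are constructed placeholders.

```python
import base64
import hashlib
import json

# Constructed sample values: a placeholder RSA public JWK (not a real key) and an
# ACME challenge token as the CA would send it in the authorization object.
SAMPLE_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc",
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over only the required members,
    keys in lexicographic order, no whitespace. Extra members are ignored."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, jwk: dict) -> str:
    """TXT value the CA looks for: base64url(SHA-256(token '.' thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def challenge_name(hostname: str) -> str:
    """Owner name the CA queries: _acme-challenge.<hostname> in the global DNS."""
    return f"_acme-challenge.{hostname.rstrip('.')}."


def txt_record_satisfies(records, token: str, jwk: dict) -> bool:
    """True if any published TXT string (quotes optional) matches the expected value;
    unrelated TXT strings at the same name do not cause a failure."""
    expected = dns01_txt_value(token, jwk)
    return any(r.strip('"') == expected for r in records)


if __name__ == "__main__":
    # Hostname is a placeholder; publish this record before triggering validation.
    print(f'{challenge_name("git.example.com")} IN TXT "{dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK)}"')
```

Compare the printed record against what a resolver outside your network returns for the same name; the internal MaraDNS zone is never consulted by the CA.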

Tim
DNS-01 with a public domain name internally accessible is feasible.