Comment by 0x457
Only thing required for this setup to work: client needs to be able to resolve domain to internal ip.
I have wireguard mesh with a bunch of services that use LE for TLS that have no access to interwebs and not accessible from interwebs.
how are you renewing the LE certificate if the domain is resolving to an internal ip? this seems like a big hoop to jump through.