How to run a PWA in a Intranet without a trusted SSL certificate?

Question

I'm setting up a Intranet environment to run a PWA for business purposes in future. But I encountered a problem regarding SSL certificates.

In my plan:

• Everything is on a local network (maybe with no internet access), with a dedicated server in it (i'm using ubuntu server),
• the user access the main page with a computer or phone, in which he install a PWA on his device.

PWA needs HTTPS to work, and I can self-sign certificates (i'm doing it for testing), but it's not a solution for implementating the app because it generate a security error on every browser on the planet with this method.

Importing certificates to browser is not a solution for me because it's a hassle to import the certificate on every user browser (it isn't user friendly), also it's impossible in android without root.

I'm wanting to create a PWA that needs the minimum advanced user help to work, so importing certificates and doing work-arounds is a no no.

Its possible to run a PWA without this certificate problem or I should drop it and begin a standard web app for now ?

Answer 1

I'd say your best option is to purchase a cheap domain that you can use for this.

Then, use internal DNS for the network to point the domain name to your internal server (public can just stay as the default parked page, or whatever you like).

Then, use certbot with the --manual flag to generate a free cert - https://certbot.eff.org/

You'll need to verify DNS to get the trusted SSL from Lets Encrypt via certbot - which is why you need DNS.

As others have mentioned, you could also buy a cheap SSL (if you don't want to mess with certbot).