For instance, how can I use my *.domain.com SSL certs and NPM to route containers to a subdomain without exposing them? The main domain is exposed.
https://www.freecodecamp.org/news/docker-nginx-letsencrypt-easy-secure-reverse-proxy-40165ba3aee2/
OP is asking for cases where you don’t want to allow the service (or reverse proxy) to be accessible via the web.
As I understand it, OP just wants to hide (=remove) the subdomains from the public URLs.
I guess they need a CA then
https://smallstep.com/docs/step-ca/
They do not. See my other reply about DNS verification.
Your response clearly states publicly accessible DNS. A CA does not require anything public for local SSL and can work in conjunction with whatever service they want for that which is public.
Fair, I don’t know why I read OP’s post as asking for Let’s Encrypt certs. Internal CA is indeed an option.