While wiring up a proof of concept, I am attempting to determine if a public certificate can be used to secure HTTPS requests flowing from public-facing web servers to an internal/private Application Load Balancer. The certificate would be on the internal ALB. From what I read in this article, I'd expect that a public certificate can be used and would be easier to configure/maintain/deploy.
Do I need a private certificate for an internal/private Application Load Balancer or will a public certificate serve the same purpose?
Public certificates can only be created and verified for domain names which are publicly accessible.
To issue you a certificate, the certificate authority requires you to present public proof of ownership such as solving a DNS challenge.
If the domain that you want to issue the certificate for is private, then you won't be able to issue a public certificate for it.