ACME-DNS Server on Windows IIS ARR Proxy

Hi,

I have a Windows IIS ARR Proxy server installed. Windows IIS ARR Proxy server will handle all port 80 and port 443 requests to different servers inside the network. I want to use Certify on the Proxy Server and I want to install an ACME-DNS for DNS-01 challenge.

Firewall forwarded port 80 and 443 to 192.168.1.5 and port 53 to 192.168.1.62
Windows IIS ARR Proxy server - 192.168.1.5 (All SSL Certs on this server)
Windows IIS Server(Port 80) - 192.168.1.16 and 192.168.1.18
Windows IIS Server(Port 443) - 192.168.1.23 and 192.168.1.27
acme-dns server(Port53) - 192.168.1.62

I followed this guide: https://jaletzki.de/posts/acme-dns-on-centos-7/ to set up the Linux server and I am very confused with this website.

On the public DNS, I created two entries as below.
acme-dns.mydomain.ca. A 128.123.123.123 (My acme-dns server public IP)
acme-dns.mydomain.ca NS acme-dns.mydomain.ca.

When I tried to edit the config file:

--------------Start Config.cfg ----------------------

[general]
# DNS interface
listen = ":53"
# protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
protocol = "both"
# domain name to serve the requests off of
domain = "acme-dns.mydomain.ca"
# zone name server
nsname = "acme-dns.mydomain.ca"
# admin email address, where @ is substituted with .
nsadmin = "administrator.mydomain.ca"
# predefined records served in addition to the TXT
records = [
    # domain pointing to the public IP of your acme-dns server
    "acme-dns.mydomain.ca. A 128.123.123.123",
    # specify that acme-dns.mydomain.ca will resolve any *.acme-dns.mydomain.ca records
    "acme-dns.mydomain.ca. NS acme-dns.mydomain.ca.",
]
# debug messages from CORS etc
debug = false

[database]
# Database engine to use, sqlite3 or postgres
engine = "sqlite3"
# Connection string, filename for sqlite3 and postgres://$username:$password@$host/$db_name for postgres
# Please note that the default Docker image uses path /var/lib/acme-dns/acme-dns.db for sqlite3
connection = "/var/lib/acme-dns/acme-dns.db"
# connection = "postgres://user:password@localhost/acmedns_db"

[api]
# domain name to listen requests for, mandatory if using tls = "letsencrypt"
api_domain = "acme-dns.mydomain.ca"
# listen ip eg. 127.0.0.1
ip = "127.0.0.1"
# disable registration endpoint
disable_registration = false
# autocert HTTP port, eg. 80 for answering Let's Encrypt HTTP-01 challenges. Mandatory if using tls = "letsencrypt".
autocert_port = "80"
# listen port, eg. 443 for default HTTPS
port = "443"
# possible values: "letsencrypt", "cert", "none"
tls = "letsencrypt"
# only used if tls = "cert"
tls_cert_privkey = "/etc/tls/mydomain.ca/privkey.pem"
tls_cert_fullchain = "/etc/tls/mydomain.ca/fullchain.pem"
# only used if tls = "letsencrypt"
acme_cache_dir = "api-certs"
# CORS AllowOrigins, wildcards can be used
corsorigins = [
    "*"
]
# use HTTP header to get the client ip
use_header = false
# header name to pull the ip address / list of ip addresses from
header_name = "X-Forwarded-For"

[logconfig]
# logging level: "error", "warning", "info" or "debug"
loglevel = "debug"
# possible values: stdout, TODO file & integrations
logtype = "stdout"
# file path for logfile TODO
logfile = "./acme-dns.log"
# format, either "json" or "text"
logformat = "text"

-------------end config.cfg ------------------------------

Now, my questions are:
(1) Inside the config.cfg there are ports 80 and 443. Can I modify them to use different ports? What is the purpose of those settings?

(2) How can I set up Certify on the Proxy Server?
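The config comments above already state what the two ports are for: autocert_port (80) is where acme-dns answers HTTP-01 for its own API certificate when tls = "letsencrypt", and port (443) is the API listener. As an added example, not code from this thread or from the acme-dns project, the script below parses the [api] section and flags the settings that conflict with the topology in the post (80/443 forwarded to the ARR proxy rather than to 192.168.1.62, API bound to loopback, registration endpoint open, client IPs hidden behind the proxy). The parser, the finding codes and the sample config are my own constructions, built from the values in the post.

```python
"""Audit acme-dns config.cfg settings that matter when the API is reached through
a reverse proxy (added example, not acme-dns project code)."""
import re

# Constructed sample mirroring the thread's [api] section and topology.
SAMPLE_CFG = """
[general]
listen = ":53"
domain = "acme-dns.mydomain.ca"
[api]
ip = "127.0.0.1"            # loopback only
disable_registration = false
autocert_port = "80"        # HTTP-01 port for acme-dns's own API certificate
port = "443"                # API listen port
tls = "letsencrypt"
use_header = false
header_name = "X-Forwarded-For"
"""

def parse_cfg(text):
    """Parse the [section] / key = value subset acme-dns uses; multi-line arrays
    such as `records` are skipped because the checks below do not need them."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = cfg.setdefault(m.group(1), {})
            continue
        if "=" not in line or section is None:
            continue                              # blank line, array element or ']'
        key, _, val = (p.strip() for p in line.partition("="))
        if val.startswith("["):
            continue                              # array start; elements carry no '='
        section[key] = val == "true" if val in ("true", "false") else val.strip('"')
    return cfg

def audit(cfg, port80_443_reach_acme_dns=False):
    """Return finding codes for the thread's set-up: the firewall forwards 80/443 to
    the IIS ARR proxy (192.168.1.5), not to the acme-dns host (192.168.1.62)."""
    api, out = cfg.get("api", {}), []
    if api.get("tls") == "letsencrypt" and not port80_443_reach_acme_dns:
        out.append("autocert-unreachable")    # HTTP-01 on autocert_port cannot complete
    if api.get("ip") == "127.0.0.1":
        out.append("api-loopback-only")       # a proxy on another host cannot reach it
    if not api.get("disable_registration", False):
        out.append("registration-open")       # any client reaching the API can register
    if not api.get("use_header", False):
        out.append("client-ip-is-proxy")      # behind ARR every client shows the proxy IP
    return out
```

Once the proxy does set X-Forwarded-For, use_header = true is only safe if the proxy overwrites any copy of that header sent by the client.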

Hi @leungda

If you use the dns-01 challenge, you don't need an A or AAAA record.

Install the Acme-client and use it.

So, what is the purpose of the config.cfg file?

Sorry, I don't know if your idea works. I read something wrong.

Checking

It should work; there is Certify The Web as a client.


I installed ACME-DNS on CentOS and it doesn't seem to work.

Finally, I installed Microsoft DNS in order to resolve the issue. The Microsoft DNS Server must be registered at the domain registry level and face the Internet.

I think ACME-DNS works the same way, but it is hard to configure.
