I am trying to install a certificate for https://mail.dfiel.com. When I try to use --apache I get this error:
Failed authorization procedure. mail.dfiel.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to host for DVSNI challenge
I am going to assume this is coming from the fact that this is a reverse proxy server. Each subdomain has ProxyPass rules to move most domains to my IIS server, but some to Exchange (this domain) and some special applications are routed elsewhere.
How can I use ProxyPass, but still complete the verification portion of Let’s Encrypt?
Hi, in this configuration I think DVSNI will never work so I would suggest using --webroot instead of --apache because it will use a challenge type that will work OK with a proxy. You’ll also have to specify a directory inside the webroot of your Apache server where the client can write files.
It’s just the “web root”, that is, whatever directory on your server is the top level for your site’s content (where the site’s main index.html or equivalent would go). It might be something like /var/www or /var/www/html, if you only have a single web site on that server.