Of course, the first time I try an SSL certificate I have to have a complicated setup.
I am running several web servers on different machines/IP addresses in my network. I use Apache’s VirtualHost to proxy from a proxy server based on the passed-in URL.
The URLs I’m working with are “riodevaca.com”, “nationalsaanenbreeders.org”, “astro-farmer.com” and “hempenings.com”. The last one is a “dead” project and is my test platform to get this working.
Reverse proxy works great for the HTTP protocol, port 80, but I need HTTPS, port 443, as soon as I figure it out.
Public IP: 174.71.159.137. Proxy is Debian 9 running apache2 on 192.168.1.149. Port 80 on my router goes to this machine. This Apache server uses reverse proxy to route hempenings.com to 192.168.1.126, as that is the network IP of the dedicated machine serving a Drupal 8/Apache site.
Copying the certificate from the /etc/letsencrypt/live path from …126 to …149 and adding port 443 to the virtualhosts in the apache configuration file gives the results below.
What is needed to get this to work?
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: hempenings.com
I ran this command: attempting to transfer generated keys to proxy
It produced this output: the certificate is only valid for the following names: linksyssmartwifi.com, www.linksyssmartwifi.com, myrouter.local, EA6350.home.linksys.com
My web server is (include version): apache 2.4
The operating system my web server runs on is (include version): Debian 10
My hosting provider, if applicable, is: self
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you’re using Certbot): 0.13.0
Is there a simple way to proxy SSL connections?