Three servers are in the mix here (all Linux/Apache). I have Let’s Encrypt working fine on my proxy server and on my main web server behind the proxy.
The problem I’m trying to solve is to get the certs on a second backend server which is just serving a virtual directory (and an application) off the primary server.
<http: or https://all_url> – letsencrypt installed
(server2 main web https)
<https://main_web_server_url> – letsencrypt installed
(server3 secondary app http)
<http://main_web_server_url/subdir> – certbot fails
Certbot fails because it can’t verify the backend server when it’s not a unique domain name - the directory redirect causes the challenge to fail - it can’t deal with the subdirectory.
Domain is http://www.sailtracker.net which is served from the main web server (server2). The subdirectory http://www.sailtracker.net/tracker is served from server3, and there’s no way to specify a subdirectory for verification.
Certbot tries to look for this:
- the following errors were reported by the server
Error getting validation data
I didn’t want to use self-signed certs on the inside network, but can’t figure out how to get letsencrypt certs to work. Any thoughts? Googling I found others using self-signed certs, or wildcard certs with their own purchased CA, but I didn’t get any answers for a free-cert community.