Certbot renew request through nginx reverse proxy

Hello!
My question is similar to this: https://community.letsencrypt.org/t/about-letsencrypt-behind-a-reverse-proxy/23956
The only difference is that I use nginx on the backend server.
I have a bunch of web servers (nginx) inside a private network that run certbot for certificate renewal; the certificates are stored on each server. We have a router with a single public IP. I want to configure something like a reverse proxy for it. All of the domain names will point to the public IP, the public IP and port 80/tcp will be mapped to this reverse proxy, and this proxy would pass requests from port 80 to port 80 of the backend web servers. Or maybe it can be something different that would pass the certbot renewal request.

This is for the one backend:

server {
    listen       80;
    server_name  domain1.example.com;
    server_name  domain2.example.com;
    server_name  domain3.example.com;
    server_name  domain4.example.com;

    location / {
        proxy_pass http://privateip_srv1$request_uri;
        proxy_set_header Host $host;
        proxy_ssl_server_name on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

This is for the second backend, and so on:

server {
    listen       80;
    server_name  domain100.example.com;
    server_name  domain200.example.com;
    server_name  domain300.example.com;
    server_name  domain400.example.com;

    location / {
        proxy_pass http://privateip_srv2$request_uri;
        proxy_set_header Host $host;
        proxy_ssl_server_name on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

But this doesn't work as I expected. What am I missing?
Thanks in advance.

What was the expected result?

What was the actual result?

5 Likes

The expected result was that the privateip_srv1 and privateip_srv2 servers would update their certificates using certbot. What I got is an error:

Fetching
   http://domain1.example.com/.well-known/acme-challenge/lIxFYp7QhEPS-_VwEIkz8PxoUvYc506vrs7RA-gnkKU:
   Error getting validation data

Do you see the requests in the nginx logs on the private servers?

5 Likes

While testing, you should also log the requests in the reverse-proxy.
Ensure each step of the way is working.

Also, use only the staging environment until all testing has been completed.

4 Likes
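The hop-by-hop check suggested in the replies above, as an added example that is not part of the original thread: it reads the reverse proxy's and one backend's access logs and reports the first hop at which a given challenge request was lost. It assumes both servers log in nginx's default `combined` format; the function names, tokens, addresses and log lines are constructed for illustration, and the hints in the returned strings are heuristics.

```python
import re

# Request path and status code from an nginx "combined" access-log line (assumed format).
LINE = re.compile(r'"(?:GET|HEAD) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
PREFIX = "/.well-known/acme-challenge/"

# Constructed sample lines: tokens, addresses and timestamps are made up.
PROXY_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /.well-known/acme-challenge/tokenA HTTP/1.1" 200 87 "-" "validator"',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /.well-known/acme-challenge/tokenB HTTP/1.1" 502 157 "-" "validator"',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /.well-known/acme-challenge/tokenC HTTP/1.1" 404 153 "-" "validator"',
]
BACKEND_LOG = [
    '10.0.0.2 - - [01/Jan/2024:10:00:00 +0000] "GET /.well-known/acme-challenge/tokenA HTTP/1.0" 200 87 "-" "validator"',
    '10.0.0.2 - - [01/Jan/2024:10:00:02 +0000] "GET /.well-known/acme-challenge/tokenC HTTP/1.0" 404 153 "-" "validator"',
]

def challenge_hits(log_lines):
    """Map challenge token -> list of HTTP statuses seen in one access log."""
    hits = {}
    for line in log_lines:
        m = LINE.search(line)
        if m and m["path"].startswith(PREFIX):
            token = m["path"][len(PREFIX):].split("?", 1)[0]
            hits.setdefault(token, []).append(int(m["status"]))
    return hits

def trace(token, proxy_log, backend_log):
    """Name the first hop at which the validation request for `token` was lost."""
    proxy = challenge_hits(proxy_log).get(token)
    backend = challenge_hits(backend_log).get(token)
    if not proxy:
        return "never reached the proxy: check DNS and the 80/tcp port mapping"
    if not backend:
        return f"proxy answered {proxy[-1]}, backend saw nothing: check server_name and proxy_pass"
    if 200 not in backend:
        return f"backend answered {backend[-1]}: check the webroot certbot writes to"
    if 200 not in proxy:
        return f"backend answered 200, proxy returned {proxy[-1]}: check the proxy response path"
    return "ok: challenge served end to end"

if __name__ == "__main__":
    for tok in ("tokenA", "tokenB", "tokenC", "tokenD"):
        print(tok, "->", trace(tok, PROXY_LOG, BACKEND_LOG))
```

To look up a real failure, pass the token from the certbot error URL and the two access logs read as lists of lines.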
