Certificate with cloudflare + nginx proxy issue

Hi, I need help to fix this issue, starting from the setup:

CLOUDFLARE -> STRICT HTTPS -> NGINX SSL TERMINATOR -> HTTP PROXY TO APACHE WEB SERVER

I'm not able to obtain a letsencrypt certificate for my ssl terminator.

I've tried both the standard nginx certbot and webroot:

sudo letsencrypt certonly --webroot --webroot-path /var/www/html --renew-by-default --email info@domain.com --text --agree-tos -d nxws01-webserver-gcp.domain.com

Result:
Challenge failed for domain nxws01-webserver-gcp.domain.com
http-01 challenge for nxws01-webserver-gcp.domain.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

The problem is that webroot tries to answer the challenge on webroot-path, but the domain is redirected to the apache web server, so nothing answers the challenge in the ssl terminator.

What is the right way to configure

CLIENT - CLOUDFLARE - SSL TERMINATOR REVERSE PROXY - WEBSERVER?

Both cloudflare and the ssl terminator proxy redirect http to https.


Since nginx is bound to port 80, create a rule to have '/.well-known' send all traffic to certbot. You can keep webroot, but I prefer to use "standalone" server mode and proxy_pass traffic to it. There is a certbot command-line flag that will run the server on any higher specified port. LetsEncrypt still makes a request on port 8080, but nginx would be configured to proxy_pass the port 80 /.well-known directory to the higher port.

I define the nginx location block in a file to serve as a macro, and then include that file on all server blocks.

There are many ways to accomplish what you want, the above is my personal preference.

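As an added example (not configuration from the thread or from either poster), this is what the answer's shared location block plus the port-80 server block could look like for the domain in the question; the snippet path and the local port 8080 are assumptions, and it assumes that plain HTTP for the domain actually reaches this nginx instance.

```nginx
# --- File 1 (assumed path): /etc/nginx/snippets/acme-challenge.conf ---
# Included from every port-80 server block so the HTTP-to-HTTPS redirect never
# swallows the ACME request. nginx selects the longest matching prefix location,
# so this block takes priority over "location / { return 301 ...; }".
location /.well-known/acme-challenge/ {
    # certbot's standalone listener, started on a high local port (assumed 8080):
    #   certbot certonly --standalone --http-01-port 8080 \
    #       -d nxws01-webserver-gcp.domain.com
    # Keep the same port for renewals so "certbot renew" keeps working.
    proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host $host;
}

# --- File 2: the port-80 server block for the ssl terminator ---
server {
    listen 80;
    server_name nxws01-webserver-gcp.domain.com;

    # Challenge traffic goes to certbot; everything else is redirected to HTTPS.
    include /etc/nginx/snippets/acme-challenge.conf;

    location / {
        return 301 https://$host$request_uri;
    }
}
```

Run `nginx -t` before reloading, and start certbot in standalone mode only while a request is pending, since nothing listens on 8080 otherwise and the proxied challenge would fail with a 502.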
