Convoluted configuration

I run multiple domains as virtual servers on a NAS on my home network and 4 of these domains are accessible from the internet through my firewall. My dynamic DNS entries are managed by an external provider.

I want to have 4 different certs for the different domains running on an NGINX reverse proxy funneling traffic to 4 virtual servers on a different machine.

What is the best method? One cert for multiple domains? Or different ones?
Second, the challenge question to prove ownership of domain… Do I need to set up text files once the challenge is issued on each of the virtual servers? Or do I pick the DNS challenge and create new DNS entries for each of the domains on my dynamic DNS providers?

Any pointers appreciated.

Up to you.

You can do multiple certificates as long as your virtual hosts are separated, which they probably already are.

You can do a combined certificate in any case.

I don't think so. Just running Certbot on the reverse proxy machine should suffice:

sudo certbot --nginx -d a.example.com
sudo certbot --nginx -d b.example.com

The requests will be intercepted and won't even make it to your backend servers, so you don't need to worry about doing anything on them.

Thank you very much for the pointers. I will follow them and see where it ends up.

One cert per domain is fine. (Just make sure your webserver is using SNI correctly.)
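
A sketch of the per-domain layout discussed in this thread, added here as an example and not taken from any poster's configuration. The hostnames, the backend address 192.0.2.10, and the backend ports are placeholders; the certificate paths assume Certbot's default /etc/letsencrypt/live/ layout, and `ssl_reject_handshake` assumes nginx 1.19.4 or newer.

```nginx
# Added example: names, backend address and ports are placeholders.

# Port 80 stays on the proxy. "certbot --nginx" answers the HTTP-01
# challenge here, so the request never reaches the backend machine.
server {
    listen 80;
    server_name a.example.com b.example.com;
    return 301 https://$host$request_uri;
}

# Catch-all for TLS clients whose SNI name matches no server block below.
# Refusing the handshake avoids presenting another site's certificate.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}

# One server block per hostname, each with its own certificate.
# nginx selects the block (and certificate) from the SNI name.
server {
    listen 443 ssl;
    server_name a.example.com;
    ssl_certificate     /etc/letsencrypt/live/a.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/a.example.com/privkey.pem;

    location / {
        proxy_pass http://192.0.2.10:8081;          # virtual server A
        proxy_set_header Host $host;                # keep the vhost name
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl;
    server_name b.example.com;
    ssl_certificate     /etc/letsencrypt/live/b.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/b.example.com/privkey.pem;

    location / {
        proxy_pass http://192.0.2.10:8082;          # virtual server B
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` before reloading, then confirm each name gets its own certificate with `openssl s_client -connect <proxy>:443 -servername a.example.com`, repeating for each hostname.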
