Create a certificate for a server on the internal network, with a public domain name, through a proxy

Can we create a Let's Encrypt certificate for an internal Windows server published in the proxy?
Thank you for your time

Hi @eduardo17, welcome to the LE community forum

If the FQDN can be found in global DNS, then, in short: Yes, a cert can be issued for it by LE.
[not sure what the proxy has to do with (complicating) this situation]

There are several good Windows ACME clients to choose from.
But, depending on your exact situation, you may need to use DNS-01 authentication - which, for automation, will require that your DNS Service Provider (DSP) support DNS zone updates via API.

Hello, and thanks for your quick response. What I want is to get a security certificate for my email server, to access it from webmail. It has an FQDN in the global DNS, but the mail server is within an internal network and goes to the Internet through the corporate proxy with the real IP address of the proxy, and this is how the FQDN is registered. However, my question is about certbot: should I run it on the proxy server or on the internal mail server?

If you intend on using HTTP-01 authentication, then you would have to allow HTTP inbound to the proxy (or through the proxy to the webmail server).
If that is the case, then wherever HTTP is terminated you can use an ACME client to obtain a cert.
If that is within the proxy, then you would have to deal with copying the cert over to the webmail server.
If that is within the webmail server, then you can use any of the Windows ACME clients.
[you've yet to mention which webmail program you use, so I can't say with certainty if any such client can automate the cert integration for you]
If the case is that HTTP can't reach any of your systems, then you can try using DNS-01 authentication - which, for automation, requires that your DNS Service Provider (DSP) support DNS zone updates via API.

I hope all that is... understandable.
If not, just ask.
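
An added example, not part of the forum replies: a preflight check for the HTTP-01 case described above. It drops a random probe file under `.well-known/acme-challenge/` in a web root and fetches it through the public name, which tells you whether HTTP for that FQDN terminates on this machine. The function names, `webmail.example.com` and `./webroot` are hypothetical.

```python
import secrets
import urllib.error
import urllib.request
from pathlib import Path

ACME_DIR = ".well-known/acme-challenge"  # path used by HTTP-01 validation (RFC 8555)

def http_get(url, timeout=10):
    """Return (status, body) for a plain-HTTP GET; network errors become status 0."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""
    except (urllib.error.URLError, OSError):
        return 0, ""

def http01_preflight(fqdn, webroot, fetch=http_get):
    """Drop a random probe file in webroot and fetch it via the public name.

    Returns (ok, detail). ok is True only when the public URL serves the
    exact probe content, i.e. port 80 traffic for fqdn ends at this webroot.
    """
    token = secrets.token_urlsafe(32)
    content = token + "." + secrets.token_urlsafe(16)
    challenge_dir = Path(webroot) / ACME_DIR
    challenge_dir.mkdir(parents=True, exist_ok=True)
    probe = challenge_dir / token
    probe.write_text(content)
    try:
        status, body = fetch(f"http://{fqdn}/{ACME_DIR}/{token}")
    finally:
        probe.unlink()  # never leave probe files behind
    if status == 200 and body.strip() == content:
        return True, "HTTP-01 can be answered from this webroot"
    if status == 0:
        return False, "no HTTP reachability: consider DNS-01"
    return False, f"HTTP {status} or foreign content: HTTP terminates elsewhere"

if __name__ == "__main__":
    # Hypothetical values; replace with the real FQDN and web root.
    print(http01_preflight("webmail.example.com", "./webroot"))
```

A pass from inside the network is only indicative, since split DNS, hairpin NAT or an outbound proxy can make the internal path differ from the one the CA's validators take. For a definitive answer, fetch the probe URL from a host outside the network.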

Yes, thank you. I'm not worried about having to manually put the certificate on the mail server (I use MDaemon v21.o2).
On Monday I will try it and let you know. OK, Gómez, grateful for the help.
