Hello all together,
Until now I have used HAproxy with self-signed certs from openssl to publish my internal sites through HAproxy.
All Sites are on different machines and HAproxy is only the reverse proxy.
Everything works fine, but the users must accept the self-signed certs.
Now I want to change to Let's Encrypt.
I installed Let's Encrypt (certbot-0.14.1-3.fc25.noarch by dnf) and it works on a machine with Fedora 25.
Now my problem begins: when I started this to get my first cert for 3 of my domains...
"sudo certbot certonly --webroot -w /etc/haproxy/ssl/WebSvrSSL-Certwildcard.my-domain.de_LetsEncrypt/ -d webmail.intern.my-domain.de -d activesync.intern.my-domain.de -d oc71.intern.my-domain.de"
... and this is the result...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
An unexpected error occurred:
ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 101] Network is unreachable',))
Please see the logfiles in /var/log/letsencrypt for more details.
... when you access my HAproxy, the URL is checked and forwarded to the internal target machine with the site and the subdirectory in the URL.
Every site has a special subdirectory.
When the URL is unknown and the subdirectory is unknown, there is a forward to my external homepage.
Can someone help?