Please fill out the fields below so we can help you better.
My domain is: allenintech.com
I ran this command: I tried ./certbot-auto certonly --standalone --email email@example.com -d allenintech.com -d www.allenintech.com. A certificate was granted for allenintech.com. However I only want a certificate for the server, accessible from the internet but on the LAN. Other web sites on allenintech.com do not need encryption.
I also tried to manual ? installation on the LAN server which of course failed since the challenges were not successful.
It produced this output: The certificate on allenintech.com was successful. I don’t think it is needed for what I am trying to accomplish. The certificate on the LAN server failed.
My operating system is (include version): Linux
My web server is (include version):Fedora 19 and Ubuntu 16
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes):
I’m using a control panel to manage my site (no)
I have full control of web server, webserverA.com. WebserverA.com has an real external static ip address, 22.214.171.124
WebserverA.com host several virtual hosts. Only one of the virtual hosts accesses an application/web server on the LAN, serveronLAN. ServeronLAN is accessed via reverse proxy from virtual host container <"VirtualHost *:8080>.
Pointing browser to different websites serves them perfectly. Pointing the browser to webserverA.com:8080 serves the application/web server on the LAN via reverse proxy perfectly.
ProxyPass / http://serveronLAN.webserverA.com/
ProxyPassReverse / http://serveronLAN.webserverA.com/
WebserverA.com is Fedora 19 running Apache 2.4.
ServeronLan is Ubuntu 16 running Apache 2.4. The configuration for serveronLAN is:
allow from all
Encryption is only needed on serveronLAN.
Question: How is a letsencrypt certificate obtained for serveronLAN, since serveronLAN is accessible from the internet albeit webserverA.com:8080 via reverse proxy?
Resources are very limited. A DNS A record is not permissible. Also, not permissible is dynDNS or moving the application from serveronLAN to webserverA.com. ServeronLAN must remain behind the firewall. An additional real external static ip for serveronLAN is not permissible.