I’ve just installed certificates using the instructions for Ubuntu and everything works great.
However, I needed some help with my particular setup where I’ve got multiple servers behind a firewall.
Here’s a simple network diagram that best explains what I have:
[Internet]
|
|
|
[Router Port Forwarding]
|
Server 1 [Port 80/443] Apache CertBot installed
Server 2 [Port 8080/8443] Email Server
I suspect this might be a common question that people have, but I have certbot installed and set up on server 1, and everything works fine and is secure.
However, server 2 doesn’t have proper security settings and is also running an email webserver and doesn’t show up as secure.
So my question is: what do I need to do to make sure that even server 2 shows the correct security certificates (from server 1)?
Server 2 is a legacy system and I cannot make changes to it.
Sure, you could create a --deploy-hook that copies the certificate and private key to your mailserver and reloads the mailserver every time the certificate is renewed.
Pros: your mailserver doesn’t require your webserver to be online to proxy traffic for it
Cons: More moving parts, more DIY scripting required, webserver needs to be authorized to run commands on your mailserver.
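Here is an added example of what such a deploy hook can look like; it is not from the original answer. Certbot runs the hook after each successful renewal and sets RENEWED_LINEAGE (the /etc/letsencrypt/live/&lt;name&gt; directory) and RENEWED_DOMAINS (the names on the certificate) in the environment. The host name mail.example.com, the user certdeploy, the directory /etc/ssl/mail and the reload command are placeholders to adapt; the script only pushes when the renewed certificate actually covers the mail host’s name, and it stages the key with owner-only permissions before copying.

```shell
#!/bin/sh
# Certbot --deploy-hook example (not from the original post): copy the renewed
# certificate to a second host and reload the mail service there.
# Placeholders below are assumptions, not values from the thread.
set -eu

MAIL_HOST="${MAIL_HOST:-mail.example.com}"      # assumed SSH target
MAIL_DOMAIN="${MAIL_DOMAIN:-mail.example.com}"  # name that must be on the cert
DEPLOY_USER="${DEPLOY_USER:-certdeploy}"        # assumed low-privilege account
REMOTE_DIR="${REMOTE_DIR:-/etc/ssl/mail}"       # assumed destination directory
# Assumed reload command; the deploy user should be allowed only this via sudo.
RELOAD_CMD="${RELOAD_CMD:-sudo systemctl reload postfix dovecot}"

# Return 0 when the space-separated list of renewed names contains the
# wanted name, 1 otherwise. Keeps the hook from pushing unrelated lineages.
covers_domain() {
    domains="$1"; wanted="$2"
    for d in $domains; do
        [ "$d" = "$wanted" ] && return 0
    done
    return 1
}

# Copy fullchain.pem and privkey.pem from a lineage directory into a staging
# directory. umask 077 ensures the key is never created world-readable.
stage_certs() {
    lineage="$1"; stage="$2"
    umask 077
    mkdir -p "$stage"
    cp "$lineage/fullchain.pem" "$stage/fullchain.pem"
    cp "$lineage/privkey.pem" "$stage/privkey.pem"
    chmod 600 "$stage/privkey.pem"
    chmod 644 "$stage/fullchain.pem"
}

# Print a file's permission bits in octal (GNU stat first, BSD stat fallback).
file_mode() {
    if stat -c '%a' "$1" >/dev/null 2>&1; then
        stat -c '%a' "$1"
    else
        stat -f '%Lp' "$1"
    fi
}

# Ship the staged files over SSH and reload the mail server. The deploy
# user only needs write access to REMOTE_DIR and the reload command.
push_and_reload() {
    stage="$1"
    scp -q "$stage/fullchain.pem" "$stage/privkey.pem" \
        "$DEPLOY_USER@$MAIL_HOST:$REMOTE_DIR/"
    ssh "$DEPLOY_USER@$MAIL_HOST" "$RELOAD_CMD"
}

# Certbot sets RENEWED_LINEAGE when it invokes the hook. Without it (for
# example when sourced by hand) only the functions above are defined.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    if covers_domain "${RENEWED_DOMAINS:-}" "$MAIL_DOMAIN"; then
        stage="$(mktemp -d)"
        trap 'rm -rf "$stage"' EXIT
        stage_certs "$RENEWED_LINEAGE" "$stage"
        push_and_reload "$stage"
    else
        echo "deploy-hook: $MAIL_DOMAIN not in renewed names, nothing to do"
    fi
fi
```

Install it as an executable file under /etc/letsencrypt/renewal-hooks/deploy/ so every renewal picks it up, or pass it once with `certbot renew --deploy-hook /path/to/script` so it is saved in the renewal configuration. Test it end to end with `certbot renew --dry-run`, which runs deploy hooks against the staging environment without touching the real certificate.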