Installing SSL on Apache Raspberry Reverse Proxy


#1

I have a Raspberry behind a router and installed a reverse proxy with multiple vhosts (router.mydomaine.com, storage.mydomaine.com, security.mydomaine.com), working fine in HTTP mode. I tried to install SSL with Certbot and it is working fine with my Apache server locally installed on the Raspberry, but I am unable to activate all the other redirected hosts. These devices (camera, NAS, router) don't have any wwwroot. When I try to activate SSL, the HTTP challenge fails every time and displays the following error message.

Thanks in advance for your valuable help.

Failed authorization procedure. storage.mydomaine.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://storage.mydomaine.com/.well-known/acme-challenge/dnGp2nJBmq4GGEErTo5PidsOZvJbnTwMAPW_HIrEIBM: Timeout


#2

Hi,

UPDATE:
If outside traffic is reaching your Apache server and then being reverse proxied to the backend, why not set up a webroot (which places and tries to find the verification file on your Apache server) rather than the regular Apache config (which would place the verification file on the Apache server and try to find the file from your proxied devices like cameras)?


I'm having trouble understanding…
Are you trying to issue a certificate for devices that can't complete authorization? Or trying to issue a certificate to your Apache server and transport the cert to your other devices?

(For the latter, this should be working… but if you can't place the verification file on the device that the outside connects to, it's better to use DNS validation than HTTP)

However, please elaborate on your question (since I have a poor understanding of English)

Thank you
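
The webroot approach suggested in the reply above, sketched as an Apache configuration for one of the proxied hosts (an added example, not part of the original posts). The backend address 192.168.1.20 and the webroot path /var/www/letsencrypt are assumptions; the host name is the one from the first post.

```apache
# Added example; 192.168.1.20 (the NAS) and /var/www/letsencrypt are assumed values.
# Requires mod_proxy, mod_proxy_http, mod_alias and mod_ssl.

# Weak for http-01: everything, including the challenge path, is forwarded
# to the NAS, which cannot serve the token certbot writes on the Raspberry.
#   <VirtualHost *:80>
#       ServerName storage.mydomaine.com
#       ProxyPass        "/" "http://192.168.1.20/"
#       ProxyPassReverse "/" "http://192.168.1.20/"
#   </VirtualHost>

# Corrected: answer the challenge locally, proxy the rest.
<VirtualHost *:80>
    ServerName storage.mydomaine.com

    # The exclusion must come before the catch-all ProxyPass.
    ProxyPass "/.well-known/acme-challenge/" "!"
    Alias "/.well-known/acme-challenge/" "/var/www/letsencrypt/.well-known/acme-challenge/"
    <Directory "/var/www/letsencrypt/.well-known/acme-challenge/">
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.1.20/"
    ProxyPassReverse "/" "http://192.168.1.20/"
</VirtualHost>

# Issue the certificate against the local webroot:
#   certbot certonly --webroot -w /var/www/letsencrypt -d storage.mydomaine.com

# Enable only after the certificate files exist, or Apache will refuse to start.
<VirtualHost *:443>
    ServerName storage.mydomaine.com
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/storage.mydomaine.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/storage.mydomaine.com/privkey.pem

    # TLS ends here; the hop to the NAS is plain HTTP on the LAN.
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.1.20/"
    ProxyPassReverse "/" "http://192.168.1.20/"
</VirtualHost>
```

The same pair of vhosts is repeated for each proxied subdomain. The http-01 validation request arrives on port 80, so the router has to forward that port to the Raspberry.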


#3

Hi,
Thank you very much for your prompt reply. Anyway, I'm not an Englishman either, ;-), and will try to describe my situation as follows:

Current situation:
1. My Raspberry has an Apache web server installed, reachable from outside in HTTP and HTTPS mode (Let's Encrypt SSL), working fine.
2. I have a NAS on the same local network, reachable from outside in HTTP mode (only for the moment), also working fine.

Traffic flows:
I'd like to activate RewriteEngine on my Raspberry so that all HTTPS packets arrive at my Raspberry, and the local redirected communication between the Raspberry and my camera is in HTTP mode.

How it works now:
In order to access my NAS from outside, I installed a reverse proxy on my Raspberry (which has the Apache server), so when I try to reach my NAS from outside in HTTP mode, the HTTP request arrives at my reverse proxy (Raspberry) and is then redirected to the corresponding device (NAS), and in this way everything is working fine.

What I need to do!
I have a public IP and would like to activate multiple subdomains on the same IP and manage redirection with my Raspberry reverse proxy.
Example: Activate and/or extend my SSL certificate to the NAS, to reach my NAS in HTTPS mode from outside through my reverse proxy (as in the HTTP mode described above).

My questions:
If I can't define a wwwroot folder on my NAS device, how can I proceed with my subscription?
Could you please tell me how to carry out a DNS challenge in detail?
What is the best practice for activating SSL on all devices (camera, NAS, etc.) without a wwwroot?

