My domain is: bitwarden.arcadie.pro
I ran this command: sudo certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -v -d bitwarden.arcadie.pro
It produced this output: N/A
My web server is (include version): Nginx 1.18.0 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 22.04 LTS
My hosting provider, if applicable, is: Gandi for domain name, O2Switch for DNS entries
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.31.0
Hello!
I have an Ubuntu virtual machine set on a server in our local network.
The network is protected by a Fortigate firewall.
Outside of the network, I have a domain "arcadie.pro" and a web hosting on O2Switch.
I have created a subdomain "bitwarden.arcadie.pro" that redirects to the static IP of our network and configured the firewall to allow requests coming from the outside on a specific port and redirect them to the Ubuntu machine where nginx handles them.
The thing is that we have many machines running in the network that can be accessed via our static IP, and the only way I know of to properly redirect requests in the firewall to one machine or another is by using different ports (but maybe I'm wrong there).
So ports 80 and 443 are already used for another server and in order to access the server I want bitwarden.arcadie.pro to be linked to, I had to use custom ports (let's say 8091 and 4523).
I hoped I could tell certbot to use the usual HTTPS challenge but with a different port, but I didn't find anything about that.
I tried to set up the certificate directly on my DNS provider, and it is generated properly, but not used at all (I guess this is because my subdomain's target is not directly on the web hosting but merely redirected to the static IP of my network? The only place to put a certificate is on the host machine?)
So I used DNS challenge instead, which works fine but can't be easily automated. I saw in another post that it could be done, depending on the DNS provider, but mine isn't on the list.
Could someone please tell me if DNS validation and manual installation really are my only solutions there, or if I am missing something?
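When the DNS provider has no certbot plugin, the hook mechanism already used in the command above (`--manual-auth-hook`) is the way to automate DNS-01 anyway; the following is an added example of such a hook, not the acme-dns-auth.py from the post. Certbot really does set `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` for the hook; the provider API URL, bearer token and the `DNS_ZONE` / `DNS_PROPAGATION_SECONDS` variables are placeholders assumed here.

```python
"""Minimal certbot --manual-auth-hook for DNS-01 (added example, not the
poster's acme-dns-auth.py). Certbot passes the challenge via environment variables."""
import json
import os
import time
import urllib.request

# Hypothetical provider endpoint and token: placeholders, not a real API.
DNS_API_URL = os.environ.get("DNS_API_URL", "https://dns.example.invalid/v1/zones")
DNS_API_TOKEN = os.environ.get("DNS_API_TOKEN", "REPLACE_ME")


def split_zone(domain: str, zone: str) -> str:
    """Zone-relative name of _acme-challenge.<domain>: 'bitwarden.arcadie.pro'
    in zone 'arcadie.pro' -> '_acme-challenge.bitwarden'; the apex -> '_acme-challenge'."""
    if domain == zone:
        return "_acme-challenge"
    suffix = "." + zone
    if not domain.endswith(suffix):
        raise ValueError(f"{domain} is not inside zone {zone}")
    return "_acme-challenge." + domain[: -len(suffix)]


def challenge_record(domain: str, zone: str, validation: str) -> dict:
    """Build the TXT record the ACME server will look up."""
    return {"name": split_zone(domain, zone), "type": "TXT",
            "ttl": 60, "content": validation}


def publish(zone: str, record: dict) -> None:
    """PUT the record to the (hypothetical) provider API; token comes from env."""
    req = urllib.request.Request(
        f"{DNS_API_URL}/{zone}/records", data=json.dumps(record).encode(),
        method="PUT", headers={"Authorization": f"Bearer {DNS_API_TOKEN}",
                               "Content-Type": "application/json"})
    urllib.request.urlopen(req, timeout=30).close()  # raises HTTPError on 4xx/5xx


if __name__ == "__main__":
    # CERTBOT_DOMAIN and CERTBOT_VALIDATION are set by certbot on every hook run.
    zone = os.environ.get("DNS_ZONE", "arcadie.pro")  # DNS_ZONE is an assumed name
    publish(zone, challenge_record(os.environ["CERTBOT_DOMAIN"], zone,
                                   os.environ["CERTBOT_VALIDATION"]))
    # Let resolvers see the record before certbot tells the CA to check it.
    time.sleep(int(os.environ.get("DNS_PROPAGATION_SECONDS", "30")))
```

A matching `--manual-cleanup-hook` should delete the record afterwards so stale challenge TXT records do not accumulate in the zone.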