- Running several platforms behind a single public IP.
- My ISP is blocking port 80, so I have only one port left: 443.
Pound proxy - or others - is employed to listen and then to distribute based on SubdomainX.DomainY.com
The implementation explained in the link below does not work, because whatever port is specified in --http-01-port 8000, LE will keep trying to verify through port 80 only, which is blocked.
I have modified the offered solution to proceed with --tls-sni-01-port 443 on a different machine, with the following Pound directives on the main internet-facing machine:
    AddHeader "X-Forwarded-Proto: https"
    URL "^/.well-known/acme-challenge/.*"
    BackEnd
        Address 126.96.36.199
        HTTPS
        Port 443
    End
This does not work because ListenHTTPS needs a certificate, which has not been obtained yet, and hence a self-signed one gets rejected by LE as giving wrong information on the domain owner.
If there is no way for both LE and Pound to be on a single machine, no worries: a separate machine will be dedicated to LE certifications and renewals. But the question is how to direct LE verification to that machine, as the proxy server is the facing machine.