Let’s Encrypt and reverse proxy


#1

Hello guys,

I’m running Let’s Encrypt on an nginx webserver behind an Apache reverse proxy. How can I auto-renew certificates for this webserver? I’m kinda lost on how to configure the reverse proxy properly to be able to ProxyPass to the folder with the ACME challenge token, or how to push this ACME challenge token into the proper folder on the reverse proxy, which is accessible from the internet so LE can reach it.

Thank you guys for any advice!

Jiri


#2

Hi @jiri.benes,

Do you have some kind of path mapping in place where particular URLs are mapped to particular URLs, or does the reverse proxy just pass all requests through directly?


#3

I use “standalone” mode and reverse proxy the challenge onto certbot. Ideas about how to automate initial configuration of certificates


#4

This is my conf of the rev proxy vhost; certbot should create a token in /var/www/public/letsencrypt on the mnps0024 server - the webserver behind the rev proxy

    <VirtualHost 192.168.3.253:80>
        ServerName sametime.zone
        ServerAlias www.sametime.zone

        AssignUserID www_sametime.zone vhosts

        ErrorLog  /var/log/httpd/sametime.zone-error.log
        CustomLog /var/log/httpd/sametime.zone-access.log combined

        HostnameLookups Off
        UseCanonicalName On
        AllowEncodedSlashes On

        ProxyRequests Off
        ProxyPreserveHost On

        <Location /var/www/public/letsencrypt>
            # Restriction
            # include /etc/httpd/IPrestriction/deny.conf
            # include /etc/httpd/IPrestriction/NAME.conf
            ProxyPass http://sametime.zone.mnps0024.mnp.local/
            ProxyPassReverse  http://sametime.zone.mnps0024.mnp.local/
        </Location>
    </VirtualHost>

#5

I don’t think your ProxyPass stanza makes sense. According to the Apache documentation, it means that requests to http://sametime.zone/var/www/public/letsencrypt will be forwarded to http://sametime.zone.mnps0024.mnp.local/. That won’t help satisfy Let’s Encrypt challenges because challenges are never submitted to http://sametime.zone/var/www/public/letsencrypt.
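
An added example, not part of the original posts: the stanza from post #4 shown next to a version that proxies the URL prefix Let’s Encrypt actually requests for HTTP-01 validation, `/.well-known/acme-challenge/`. It assumes nginx on mnps0024 serves that prefix from the directory where certbot’s webroot plugin writes its tokens; hostnames are taken from post #4.

```apache
<VirtualHost 192.168.3.253:80>
    ServerName sametime.zone
    ServerAlias www.sametime.zone

    ProxyRequests Off
    ProxyPreserveHost On

    # Before (post #4): <Location> matches a URL path, not a directory on disk.
    # This only proxies http://sametime.zone/var/www/public/letsencrypt,
    # which the validation server never requests.
    #<Location /var/www/public/letsencrypt>
    #    ProxyPass http://sametime.zone.mnps0024.mnp.local/
    #    ProxyPassReverse http://sametime.zone.mnps0024.mnp.local/
    #</Location>

    # After: HTTP-01 requests arrive at
    #   http://sametime.zone/.well-known/acme-challenge/<token>
    # so forward that URL prefix to the same prefix on the backend.
    # Assumption: the backend serves this prefix from the webroot given to
    # certbot (the webroot plugin creates .well-known/acme-challenge/ under it).
    <Location /.well-known/acme-challenge/>
        ProxyPass http://sametime.zone.mnps0024.mnp.local/.well-known/acme-challenge/
        ProxyPassReverse http://sametime.zone.mnps0024.mnp.local/.well-known/acme-challenge/
    </Location>
</VirtualHost>
```

Placing a test file in the challenge directory on the backend and fetching it through the public hostname on port 80 confirms the mapping before a renewal is attempted.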

