Hello guys,
i´m running lets encrypt on nginx webserver behind apache reverse proxy. How can I auto renew certificates for this webserver? I´m kinda lost how to configure reverse proxy properly to be able to proxypass to folder with acme challenge token or ho to push this acme challenge token into proper folder on reverse proxy which is accessible from the interne so LE can reach it.
Thanks you guys for any advices!
Jiri
Hi @jiri.benes,
Do you have some kind of path mapping in place where particular URLs are mapped to particular URLs, or does the reverse proxy just pass all requests through directly?
I use “standalone” mode and reverse proxy the challenge onto certbot. Ideas about how to automate initial configuration of certificates
This is my conf of ref proxy vhost, certbot should create a token in /var/www/public/letsencrypt on mnps0024 server - webserver behind rev proxy
<VirtualHost 192.168.3.253:80>
ServerName sametime.zone
ServerAlias www.sametime.zone
AssignUserID www_sametime.zone vhosts
ErrorLog /var/log/httpd/sametime.zone-error.log
CustomLog /var/log/httpd/sametime.zone-access.log combined
HostnameLookups Off
UseCanonicalName On
AllowEncodedSlashes On
ProxyRequests Off
ProxyPreserveHost On
<Location /var/www/public/letsencrypt>
# Restrction
# include /etc/httpd/IPrestriction/deny.conf
# include /etc/httpd/IPrestriction/NAME.conf
ProxyPass http://sametime.zone.mnps0024.mnp.local/
ProxyPassReverse http://sametime.zone.mnps0024.mnp.local/
</Location>
I don’t think your ProxyPass stanza makes sense. According to the Apache documentation, it means that requests to http://sametime.zone/var/www/public/letsencrypt will be forwarded to http://sametime.zone.mnps0024.mnp.local/. That won’t help satisfy Let’s Encrypt challenges because challenges are never submitted to http://sametime.zone/var/www/public/letsencrypt.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.