Let's Encrypt on two different machines behind a single WAN IP


I am currently running Let's Encrypt on machine 1. I already forwarded ports 80 and 443, and everything is working perfectly fine.

I'm trying to set up another instance of Let's Encrypt on machine 2, but I am not sure if that will work because I only have one WAN IP and I already forwarded the ports.

Is there anything I can do to make it work on machine 2?

Thank you so much

Hi @mouzzampk2014

  • You can use DNS validation to create a certificate. The hard way, --manual, always works.
  • You can change your configuration: machine 1 as a proxy for machine 2. Or check whether your router has options to route external port 80 + domain name 1 -> machine 1, external port 80 + domain name 2 -> machine 2.

Both domain names must be publicly visible via port 80; then you can use HTTP validation.
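One way to do the "machine 1 as a proxy for machine 2" option above, as an added example that is not from the original thread: an nginx configuration on machine 1 (the host that receives the forwarded ports 80 and 443) that routes by domain name, serves HTTP-01 challenges for both names, and forwards the second name to machine 2 on the LAN. The LAN address 192.168.1.20, the webroot path, the local Resilio port and the certbot-style certificate paths are assumptions.

```nginx
# Added example, not the poster's configuration. Machine 1 terminates TLS for
# both names; machine 2 is reached over the LAN at 192.168.1.20 (assumed).

# Port 80: answer ACME HTTP-01 challenges for both names, redirect the rest.
server {
    listen 80;
    server_name mouzzampk.com mouzzampk2014.com;

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;      # webroot given to certbot --webroot
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# Services that live on machine 1 itself.
server {
    listen 443 ssl;
    server_name mouzzampk.com;
    ssl_certificate     /etc/letsencrypt/live/mouzzampk.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mouzzampk.com/privkey.pem;

    location /resiliosync/ {
        proxy_pass http://127.0.0.1:8888/;   # assumed local Resilio port
    }
}

# Second name: TLS ends here, the request is handed to machine 2 on the LAN.
server {
    listen 443 ssl;
    server_name mouzzampk2014.com;
    ssl_certificate     /etc/letsencrypt/live/mouzzampk2014.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mouzzampk2014.com/privkey.pem;

    location / {
        proxy_pass http://192.168.1.20:8888;  # assumed Resilio port on machine 2
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Catch-all: unknown names are refused instead of falling through to the
# first server block, which is why a name without its own block ends up
# on machine 1's site.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;   # needs nginx 1.19.4 or newer
}
```

With this layout machine 2 needs no public certificate of its own; both certificates are issued and renewed on machine 1 via the shared webroot.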

The path you take should get you to where you want to be.
Right now that ending location is a bit unclear (to me), so I can't offer my best advice.
You say you want another cert for another internal system. But who will be accessing that system?
If it includes anyone from the Internet, then you will have a problem with "port sharing".
Your choices there are to use a different unique port for each internally secured system, or to accept all HTTP/HTTPS on a single device and have it proxy the requests to their final destinations.
If you only want to access the systems within your own internal LAN, then you need to worry about the method used in getting the second cert.

In either case, you will need to address the name to IP situation:
On the Internet side - they will all resolve to the same external IP.
On the internal LAN side - they should resolve to their unique LAN IPs.
This can be solved by using an internal DNS system or hardcoding all the IPs into all the systems that need such access or using a firewall/router that supports "hair-pinning".

Understand that the cert will only "work" for URLs with the name in it.
That means: access to IPs (HTTPS://) will not be secured with any LE cert.

Hi @JuergenAuer, thank you so much for your quick response. Apologies for the late reply from my side.

Basically this is exactly what I have set up. On my router I have ports 80 and 443 open for machine 1, which is my mouzzampk.com, and I have a number of services behind a proxy; one such service is Resilio Sync, which I access via https://mouzzampk.com/resiliosync.

I also forwarded ports 81 and 444 on my router for machine 2, which is my mouzzampk2014.com, and I have Resilio Sync running on that machine. Unfortunately, when I try to access https://mouzzampk2014.com/resiliosync it redirects my page to the Resilio Sync running on machine 1.

On both machines I have DNS validation.

I hope this explains my current setup a lot better.

Thank you


Sorry if I'm saying something obvious, but if you have redirected the ports to machine 2 you can use them to access your second machine: https://mouzzampk2014.com:444/resiliosync

Oops, I never thought about it :) Let me try this one tonight and update you. Thanks again.

If you want to create a Let's Encrypt certificate, external port 80 is required, or a redirect to port 443 / HTTPS.

Not 81 + HTTP, not 444 + HTTPS.

Maybe I misinterpreted it, but it seems @mouzzampk2014 is already using DNS validation to get the certs.

