NGINX and QLIK : Same certificate LINUX and Windows server?

Hi,
First of all, thanks in advance for your support.
Our configuration is :

  • A public domain named for example: mydomain.com
  • Mail Local server 1 (LINUX) :
  • Application (QLIK) Local server 2 (Windows Server 2012) : server3.domain.local
  • NGINX is configured as reverse proxy for both servers on 80 and 443 with a Let’s Encrypt certificate installed, configured on both external “server1.mydomain.com” and “server1.mydomain.com”

Question :
For technical reasons, even on the LAN our Windows server “server2.domain.local” must have a third-party certificate.
So, do I have to use the same certificate files as on the NGINX server and install them on the local server2.domain.local?
Or do I have to install or generate a new one, knowing that it’s the same public domain “server2.mydomain.com”?

You don’t need to use the same certificate, you can have two certs for the same domain.

Just be advised that verification gets tricky when machines are not reachable from the internet (or when you have several endpoints).

Or you can just copy fullchain and key off the reverse proxy.

No publicly trusted CA can issue certificates for .local domains, though. They can only issue certificates for public stuff that people can prove control over.

If that’s what you’re asking for, you can’t get it.

Some CAs may offer services with private, untrusted roots – Let’s Encrypt does not – but if you want to go that route, you can run your own internal CA for free (without the same infrastructure, though).

As @9peppe said, I want to generate and install a new certificate for the same public domain on 2 different servers (one Linux, the other Windows).
Will we have no conflict?

  • In case I use the first certificate on the second server
  • In case I generate another certificate for the same public domain on another server

If you have a certificate for either Windows or Linux you can convert it to the required formats using openssl. Let’s Encrypt certs just need to be for public domains (so no .local, as already mentioned).

You can also have the Windows/Linux servers just manage their own certificates; these can be for the same domains but managed separately (they don’t really need to be the same actual certificate).
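
The conversion mentioned above (the proxy's PEM `fullchain` and key bundled into a PFX that Windows can import), as an added example that is not part of the original thread. The function names, the `PFX_PASS` variable and the output file name are assumptions, and the sample pair is a constructed self-signed certificate standing in for the real Let's Encrypt files.

```shell
#!/bin/sh
# Added example: bundle the reverse proxy's PEM files into a PFX for Windows.

# pem_to_pfx FULLCHAIN PRIVKEY OUT.pfx
# The export password is read from the exported variable PFX_PASS, so it never
# appears on a command line or in the process list.
pem_to_pfx() (
  chain=$1 key=$2 out=$3
  [ -n "${PFX_PASS:-}" ] || { echo "PFX_PASS is not set" >&2; exit 2; }
  # Refuse to bundle a key that does not belong to the leaf certificate
  # (easy to get wrong when two certs exist for the same domain).
  cert_pub=$(openssl x509 -in "$chain" -noout -pubkey) || exit 3
  key_pub=$(openssl pkey -in "$key" -pubout) || exit 3
  [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate" >&2; exit 4; }
  umask 077   # the PFX contains the private key
  openssl pkcs12 -export -in "$chain" -inkey "$key" -out "$out" -passout env:PFX_PASS
)

# SHA-256 fingerprint of the leaf certificate in a PEM file and in a PFX,
# used to confirm the bundle carries the same certificate the proxy serves.
leaf_fp_pem() { openssl x509 -in "$1" -noout -fingerprint -sha256; }
leaf_fp_pfx() {
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256
}

# Constructed sample: throwaway self-signed pair named like the proxy's files.
make_sample_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=server2.mydomain.com" \
    -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}

# Demo on the constructed pair; on the proxy, pass the live files instead.
demo() {
  d=$(mktemp -d) && make_sample_pair "$d" || return 1
  PFX_PASS=constructed-demo-pass; export PFX_PASS
  pem_to_pfx "$d/fullchain.pem" "$d/privkey.pem" "$d/server2.pfx" &&
    echo "PFX leaf: $(leaf_fp_pfx "$d/server2.pfx")"
  rc=$?; rm -rf "$d"; return $rc
}
demo
```

If Windows Server 2012 rejects the PFX with a wrong-password error, the cause may be the AES encryption OpenSSL 3 uses by default; adding `-keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1` to the export line produces a bundle older Windows versions accept. Move the PFX to the Windows host over an authenticated channel and delete the copy afterwards, since it holds the private key.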