Nginx Load balancer, which replacement method?


#1

Hello, I’m trying to solve the issue with standalone being discontinued also.

I have a Ubuntu Nginx load balancer that was using tls-sni-01 via standalone.

No ports are open since it’s just a load balancer. Webroot isn’t working without any ports.

I’ve read up on DNS and it seems more complicated. Not sure if the Nginx authenticator would work without an open port. Would it?

What is my best replacement option?

Thanks


#2

Hi @rv888

if dns-01 - validation isn’t an option, perhaps check acme.sh. There is a - new - tls-alpn-01 - validation support, which replaces tls-sni.


#3

Standalone isn’t being discontinued, it just won’t work on port 443 anymore - it will still work on port 80. If that’s not an option for you then acme.sh should work as JuergenAuer suggests.


#5

I used the method you recommended, created an alpn cert, and restarted Nginx afterward. How can I prove that the cert I am using now won’t stop working after 2/13?


#6

If you have created a certificate today, it is 90 days valide.


#7

This question is a bit open-ended…
It will have to stop working; as all certs have a lifespan (LE gives only 90 days to certs).
So at some point that cert will stop working.

If your question is more about if you can/will be able to renew certs after 2/13.
Then you need only review how you got the cert that you need to renew (look through the logs).
If it did obtain the cert via TLS ALPN (or HTTP or DNS) then renewing via either of those methods will continue work after 2/13.
If you have obtained a cert via TLS, then you need to start working on an authentication method replacement.
[preferably sooner than later]


#8

Thanks for clarifying. For some reason I thought these would just stop working on 2/13. Makes sense now.


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.