Redirect letyscrypts requests


#1

Hi
My domain is: gazpromenergosbyt.ru
I want my email server (Altn Mdaemon) use LetsEncrypt.
But i have a problem.
Mdaemon server have imbedded script for letsencrypt, but it work only for 80 port.
I have cisco asa, which redirects all requests gazpromenergosbyt.ru:80 - site company to server1.
I want your source (letsencrypt) gazpromenegosbyt.ru:80 redirect to mdaemon server2. What ip letsencrypt use?


#2

Hi @cdv

Letsencrypt doesn’t use fixed ip addresses to check the files http-01 - validation requires.

See the FAQ:

What IP addresses does Let’s Encrypt use to validate my web server?

We don’t publish a list of IP addresses we use to validate, because they may change at any time. In the future we may validate from multiple IP addresses at once.

Isn’t it possible to redirect all requests /.well-known/acme-challenge to mdaemon server2?

Or is dns-01 - validation a better solution?


#3

my equipment does not allow such redirect. need a deep analysis of traffic…

Unfortunately, there is no built-in use of dns-01 in the mail server (altn mdaemon. Only http-01).
if there are more options I will be grateful … I will also try to manually use dns-01


#4

To be clear: The redirection is not request to happen in the firewall.
It should happen at the internal server that accepts the port 80 connections.
It would simply proxy those challenge requests to your email server.


#5

Big thanks.
I use my iis to redirect 80(server1) to 443 (server2 mdaemon) and it work good.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.