Renew certificate automatically without exposing http port 80

#21

Before I moved to DNS verification, I used NGINX to internally proxy LetsEncrypt port 443 requests to my verification server which did listen on port 80. This also allowed me to use one single verification server to verify multiple domains which were hosted on other servers. All those other servers were proxying the 443 LetsEncrypt requests to one final server listening on port 443, which then contacted the upstream verification server on port 80.

This was the file which I included in every server:

location /.well-known/acme-challenge/ {
  proxy_pass https://gateway-to-intranet.example.com/.well-known/acme-challenge/;
}

and on the gateway-to-intranet.example.com server I included:

location /.well-known/acme-challenge/ {
  proxy_pass http://192.68.20.25:80/.well-known/acme-challenge/;
}
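An added example, not part of the post above: a small audit script that follows the `proxy_pass` chain for the ACME challenge path across a set of server configs, and reports each hop along with any host missing the location block, any proxy loop, and any hop that is plain HTTP. The host `app1.example.net` and the `CONFIGS` inventory are constructed for illustration; the two snippets are the ones quoted in the post.

```python
import re
from urllib.parse import urlsplit

ACME_PREFIX = "/.well-known/acme-challenge/"
LOCATION_RE = re.compile(
    r"location\s+(\S+)\s*\{[^{}]*?proxy_pass\s+([^;\s]+)\s*;[^{}]*\}")

# Constructed inventory: host -> nginx snippet included on it. "app1.example.net"
# is a hypothetical edge server; the two snippets are the ones from the post.
CONFIGS = {
    "app1.example.net": """
location /.well-known/acme-challenge/ {
  proxy_pass https://gateway-to-intranet.example.com/.well-known/acme-challenge/;
}""",
    "gateway-to-intranet.example.com": """
location /.well-known/acme-challenge/ {
  proxy_pass http://192.68.20.25:80/.well-known/acme-challenge/;
}""",
}

def acme_upstream(conf):
    """Return the proxy_pass URL of the ACME challenge location, or None."""
    for path, url in LOCATION_RE.findall(conf):
        if path == ACME_PREFIX:
            return url
    return None

def trace_chain(start, configs):
    """Follow proxy_pass hops from `start`; return (hops, findings)."""
    hops, findings, seen, host = [], [], set(), start
    while host in configs:
        if host in seen:
            findings.append(f"proxy loop at {host}")
            break
        seen.add(host)
        url = acme_upstream(configs[host])
        if url is None:
            findings.append(f"{host}: no ACME challenge location")
            break
        parts = urlsplit(url)
        hops.append((host, parts.scheme, parts.hostname, parts.port))
        if parts.scheme != "https":
            findings.append(f"{host} -> {parts.hostname}: plaintext {parts.scheme} hop")
        if not parts.path.startswith(ACME_PREFIX):
            findings.append(f"{host}: upstream path leaves {ACME_PREFIX}")
        host = parts.hostname
    return hops, findings

if __name__ == "__main__":
    print(*trace_chain("app1.example.net", CONFIGS), sep="\n")
```
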
closed #22

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.