Renewing Certs from behind WAF (reverse proxy)

Hello Everybody,

Sorry if this question is silly … Sites that are running behind a web app firewall (reverse proxy basically). Will they have issues renewing certificates through the Certbot renewal process? Because outside DNS resolution for the domain will hit the WAF address instead of hitting the server directly.

I apologize because I do not know the intricate inner workings of the renewal system.

Thanks for the help in advance!


Hi @antonskv

That shouldn't be a problem. Every reverse proxy has the same configuration.

Only relevant: A GET of http + /.well-known/acme-challenge/random-filename must send the correct validation file.
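
One way to test the condition in the reply above before a renewal is due, as an added example that is not part of the original thread: it writes a throwaway file into the challenge directory on the origin server and fetches it over plain HTTP through the public (WAF) address. The function name, the probe file naming, and the `http://example.com` and `/var/www/html` values in the usage comment are assumptions for illustration.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # path from the reply above


def check_challenge_path(base_url, webroot, timeout=10):
    """Write a throwaway probe file under webroot, fetch it through base_url
    (the public, proxied address) and return (ok, detail)."""
    name = "probe-" + secrets.token_urlsafe(16)   # not a real ACME token
    body = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            got = resp.read(4096).decode("utf-8", "replace").strip()
            final = resp.geturl()  # differs from url if a redirect was followed
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code} for {url}"
    except OSError as exc:  # DNS failure, refused connection, timeout
        return False, f"request failed for {url}: {exc}"
    finally:
        os.remove(path)  # never leave the probe file behind
    if got != body:
        return False, f"wrong body from {final}: proxy answered itself or hit another backend"
    return True, f"probe served unchanged via {final}"


if __name__ == "__main__":
    # Usage (placeholders): python3 probe.py http://example.com /var/www/html
    ok, detail = check_challenge_path(sys.argv[1], sys.argv[2])
    print(("OK: " if ok else "FAIL: ") + detail)
    sys.exit(0 if ok else 1)
```

A failure with an HTTP status or a wrong body means the proxy is answering the challenge path itself (block page, login page, different backend) instead of passing it to the web server.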


Thanks man. Yeah, our reverse proxy will serve whatever is on the web server. I just wasn’t sure since I’m new to this =) I really appreciate your answer.

