Running websites in closed networks


#1

My website will run at Wifi hotspots, meaning that the server will have a LAN IP address from a local router. WAN access may or may not be available reliably at these locations. I plan to use the same domain name for each server (i.e. when a user connects to the hotspot, they will be able to access my website using the URL https://mywebsite.mydomain.com). The hotspot router will be configured to resolve this DNS name to my server’s LAN IP address.

How can I use LetsEncrypt certificates on my local servers to secure my website?

Thanks!


#2

Since it will always be the same URL, you will generally need to copy the same certificate, private key and chain to each of your servers. Without the detail of your setup I have no idea if this is a secure and sensible way of doing things though ( and something you can update every couple of months ).


#3

Andy,

Thanks very much for the quick response.

When you say this might not be the most secure, is it because it would
be copied to all these servers?

Also, I’m completely new to this, so what are the steps to do this? Can I
start with certbot? Should I connect one server to the WAN to create the
initial certificate?

Thanks!


#4

Essentially, yes. You need to upload the private key to every server, so if one of the machines was compromised then the private key for all the servers has been compromised. Not knowing what your device is / and how secure it is - I can’t say how much of a potential issue that is.

You could start with certbot, yes ( in which case you will need to port forward or connect it to the internet to obtain the certificate).

Can you provide a little more background as to what this device / webpage is, how it’s used, where ? so that the advice can be a little more accurate


#5

Thanks again, I’ll start looking into it.

As for the device, it is a Raspberry Pi type of server running a PHP/Nginx
web application on Arch Linux or Ubuntu.

The deployment is exactly like I stated - at small,
public, unmanaged hotspots with possibly a 4G modem for highly
restricted WAN access. The WAN access will be restricted to just a handful
of public sites via router configuration.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.