I have a setup where I have a host system `saturn` that runs multiple containers using the LXD hypervisor. Apache is configured to reverse proxy to specific containers, which run on private internal IPs. SSL certificates are stored on `saturn` and configured in the container-specific Apache virtual host. This seems to pose a problem when using certbot. Let’s use `titan` as an example of a container running on `saturn`. All of the challenge methods seem to be invalid:
- I can’t spawn a server on port 80 because Apache is always bound to port 80 on `saturn`.
- I can’t put a file in the webroot because the webroot only exists inside `titan`, and certbot doesn’t know how to reach inside it.
- I can’t make DNS changes dynamically as there’s no API to do so in my organization.
What could I do to use certbot in this situation?
Apache 2.4.6, CentOS 7, Certbot 1.3.0, I have root access.