I’m trying to understand the best way of using LE certs for a development infrastructure environment I’m trying to set up. I have a few “client” VMs on my development system that need to talk to other “server” VMs (also on my dev system) and those servers need to have LE certs installed upon them (openssl libs throw a tizzy fit if self-signed and I’m trying to mimic the live environment as closely as possible).
I believe that the only way of doing this is to have one VM (“proxy”) set up in my VM environment with a bridged network to my LAN so that my router can port forward 443 requests to that proxy. (This also gives me the advantage of having external clients check into my servers too). That proxy I’ll use nginx for. The servers will be running Apache.
My ISP blocks port 80 so I’m using a DDNS provider and I’m able to generate a cert for my proxy using the DNS-01 challenge. It’s at this stage I feel as if I’ve come to a crossroad on how to proceed…
- Does the proxy need to also hold the wildcard for all the hosts that it will be proxying for? (need to look for the proxying commands set up within nginx to accept the HTTPS request for any internal host and then forward that request, still using HTTPS to the individual servers)
- The servers also need to host the certificates for their own (individual) FQDNs correct?
- I can only imagine that both proxy and all servers will need to auto-renew?
Is this all making sense?! I’ve looked around for a tutorial on this kind of set up as I feel as if I can’t be the only one thinking of doing this, but as yet I’ve not found one (but would be more than willing to write one up given a little direction - it could be useful within this forum?)
My domain is: mrm.giize.com
I ran this command: N/A
It produced this output: N/A
My web server: nginx 1.10.3 (proxy) / Apache 2.0.47 (servers)
The operating system: Ubuntu 16
My hosting provider: N/A
I can login to a root shell: yes
I’m using a control panel: no
The version of my client is: 0.31.0
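The proxy arrangement the questions above describe (one nginx VM terminating TLS with a wildcard cert, then re-encrypting to an Apache backend that presents its own LE cert for its FQDN) can be expressed as a single nginx server block. This is an added example, not configuration from the original post; the hostname app1.mrm.giize.com, the internal backend address 10.0.0.11 and the wildcard lineage directory are assumptions, since the post only gives the base domain mrm.giize.com.

```nginx
# Added example (not from the original post). Assumed names:
#   app1.mrm.giize.com  - public FQDN answered by the proxy
#   10.0.0.11           - internal IP of the Apache VM that serves that FQDN
#   /etc/letsencrypt/live/mrm.giize.com/  - assumed lineage of the
#                         *.mrm.giize.com wildcard obtained via DNS-01

server {
    listen 443 ssl http2;
    server_name app1.mrm.giize.com;

    # Wildcard cert held by the proxy (assumed lineage path)
    ssl_certificate     /etc/letsencrypt/live/mrm.giize.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mrm.giize.com/privkey.pem;
    ssl_protocols       TLSv1.2;

    location / {
        # Re-encrypt to the backend rather than sending plaintext over the VM network
        proxy_pass https://10.0.0.11;   # assumed internal address

        # Verify the backend's own Let's Encrypt cert against the system CA bundle,
        # and check that it is issued for the public FQDN (SNI + name check).
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
        proxy_ssl_server_name         on;
        proxy_ssl_name                app1.mrm.giize.com;

        # Preserve the original Host header and client details for Apache logs
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

With `proxy_ssl_verify on` and `proxy_ssl_name` set, nginx refuses the upstream connection if the Apache VM presents a self-signed or mismatched certificate, which is the same behaviour the client VMs' openssl libraries enforce, so a misconfigured backend fails at the proxy rather than silently. Because this verifies the backend cert, each server does need its own cert for its FQDN (or a copy of the wildcard), and both the proxy and each server renew independently; with the certbot version listed, `certbot renew --deploy-hook "systemctl reload nginx"` on the proxy (and the equivalent Apache reload on the servers) picks up renewed certificates without a manual restart.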