I encountered a similar challenge in the past and didn’t want to use the DNS challenge.
Assuming the reverse proxy and backend server are both nginx, you can do something like this.
On the frontend nginx:

    server {
        listen 80;
        root /var/www/html;

        location /.well-known/acme-challenge/ {
            root /var/www/letsencrypt;
            try_files $uri @backend;
        }

        location @backend {
            proxy_pass http://1.2.3.4;
        }
    }
On the backend nginx (1.2.3.4):

    server {
        listen 80;
        root /var/www/html;

        location /.well-known/acme-challenge/ {
            root /var/www/letsencrypt;
        }
    }
So, on either server, you can run webroot-based issuance and it will succeed:

    certbot certonly --webroot -w /var/www/letsencrypt -d example.org
When the first server encounters a Let’s Encrypt request that it doesn’t have a matching file for, it will pass the request on to the backend server.
The same concept might be adaptable to other web servers.
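An added pre-flight check for this layout (my own example, not part of the post above): it writes a probe file into the ACME webroot, fetches it over plain HTTP the way the HTTP-01 validator would, and reports whether the frontend/backend chain served it back unchanged. It assumes curl is installed; the WEBROOT, DOMAIN and FRONTEND_IP variables and the function names are mine.

```shell
#!/bin/sh
# Pre-flight check for the two-nginx HTTP-01 layout: drop a probe file into
# the ACME webroot, fetch it as the validator would (plain HTTP, port 80,
# through the frontend), and confirm the bytes come back unchanged.
# Run it on whichever host you intend to issue from; if that is the backend,
# a matching response proves the frontend's try_files fallback is working.
# WEBROOT, DOMAIN and FRONTEND_IP are assumed names, overridable via the environment.
WEBROOT="${WEBROOT:-/var/www/letsencrypt}"
DOMAIN="${DOMAIN:-example.org}"
FRONTEND_IP="${FRONTEND_IP:-}"   # set to pin the request to the frontend, bypassing DNS

# Random, URL-safe token, shaped like a real challenge token.
probe_token() { head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# Default fetcher: GET http://DOMAIN/.well-known/acme-challenge/TOKEN with curl.
# -f turns a 404 into a failure, which is what an unrouted request looks like.
fetch_challenge() {
  url="http://$1/.well-known/acme-challenge/$2"
  if [ -n "$FRONTEND_IP" ]; then
    curl -fsS --max-time 10 --resolve "$1:80:$FRONTEND_IP" "$url"
  else
    curl -fsS --max-time 10 "$url"
  fi
}

# acme_path_check WEBROOT DOMAIN [FETCHER]
# Returns 0 only if the probe written under WEBROOT is served back verbatim
# for DOMAIN; the probe file is always removed afterwards.
acme_path_check() {
  webroot=$1; domain=$2; fetcher=${3:-fetch_challenge}
  dir="$webroot/.well-known/acme-challenge"
  token=$(probe_token)
  expected="probe.$token"
  mkdir -p "$dir" || return 1
  printf '%s' "$expected" > "$dir/$token" || return 1
  got=$("$fetcher" "$domain" "$token" 2>/dev/null)
  rm -f "$dir/$token"
  [ "$got" = "$expected" ]
}

# Set ACME_CHECK_RUN=1 to perform the live check against DOMAIN.
if [ "${ACME_CHECK_RUN:-0}" = 1 ]; then
  acme_path_check "$WEBROOT" "$DOMAIN" && echo "HTTP-01 path OK via $DOMAIN"
fi
```

A clean result here is the same condition certbot's webroot plugin relies on, so a failure points at the proxy or webroot configuration rather than at certbot itself.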