Copy SSL to another Server

Discussion in 'General' started by GCCM, Aug 28, 2021.

  1. GCCM

    GCCM Member

    Good Day Community

    I have a question about an SSL certificate (LE).
    I currently have an Ubuntu 20.04 server with the current version of ISPConfig 3. It is running with Apache2.
    Now I got another server for another application. So I created a website, configured it as a proxy and secured it with SSL (LE). That's working fine. But now the new application got some "slave" servers that want to use SSL. So I tried to use a self-signed certificate like I do with Exchange Server. But the "slave" servers do not accept it because it is a different cert than the public one from ISPConfig 3. So I thought the solution would be:
    Just automatically copy the LE cert etc. to the other server and use it.

    But I do not know how to automate this. Both servers are Ubuntu Server 20.04. So I tried with "scp", but I always get "permission denied".

    Maybe someone here has an idea?

    Passthrough over the proxy also seems not to work. I always get 2 different failures:
    1. ISPConfig 3 does not pass through the .well-known...
    2. If ISPConfig 3 does pass it through, I see another domain, for example my Exchange server, and not the server I have behind the proxy.


    Thank You.
     
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    If you are proxying a website to another server, you can set up the SSL certificate on the first server, e.g. using Let's Encrypt, and use a self-signed certificate, or even no certificate, on the second server.

    If you post the proxy config you have, it may be clearer why there would be a problem.
     
  3. GCCM

    GCCM Member

    Hi

    Thank you.

    The panel on the slave and the other servers requires that I have the certificate there.

    I have this:
    Code:
    # Proxy vhost on the ISPConfig/Apache server: the client's TLS session is terminated here
    RewriteEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyVia Full
    RequestHeader set X-Real-IP %{REMOTE_ADDR}s
    RequestHeader unset Expect early
    RequestHeader unset Accept-Encoding
    Header always set X-Frame-Options SAMEORIGIN
    Header set Server Apache
    Header unset X-Powered-By
    TimeOut 1800
    # Backend is reached over HTTPS, but its certificate is not verified at all (name,
    # expiry and chain checks are disabled for the self-signed backend cert). This is
    # only acceptable if the LAN path to 192.168.49.49 is trusted, since the proxy
    # cannot detect a swapped backend.
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    ProxyPass / https://192.168.49.49/
    ProxyPassReverse / https://192.168.49.49/
    AddDefaultCharset ISO-8859-1
    # Redirect plain HTTP to HTTPS (only has an effect in the port 80 vhost)
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
    But ISPConfig does not care if I just put it in like this:
    Code:
    RewriteEngine On
    # As posted, this directive has no target URL (or "!" to exclude the path), so
    # Apache will not accept the configuration in this form
    ProxyPass /.well-known
    # Everything else goes to the backend over plain HTTP on the LAN
    ProxyPass / http://192.168.49.49/
    ProxyPassReverse / http://192.168.49.49/
    ProxyPreserveHost On
    ProxyRequests Off
    RequestHeader set X-Real-IP %{REMOTE_ADDR}s
    Note: ISPConfig 3 runs on Apache 2; the server behind it is an NGINX (in case it needs to be configured differently).
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    You will be terminating an SSL session from the client on the first server, so it will need to have the/an SSL certificate there, whether or not the second server uses one.
     
  5. GCCM

    GCCM Member

    Yes, that is correct. But anyway the second server needs a certificate or the panel would not work. So I need to deploy the public certificate there, but I do not know how to copy it over, or how to tell ISPConfig "please forward the full traffic to this server so that it can get its own LE certificate".
     
  6. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    If your servers are behind a NAT router or something similar, your options are limited to a DNS challenge, proxy, NFS or lastly copying the SSL files as you are trying to do.

    The scp command should work if you do it right, even via a bash script, provided the servers always have ssh access to each other, as described in several HowtoForge tutorials and guides.

    If the other servers are not mainly web servers, and you need the LE certs mainly to secure those other servers and their services, to me using a DNS challenge is the best option.
     
  7. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    So to reword that, you want ISPConfig to handle the Let's Encrypt certificate verification for a certificate on the first server, and also forward Let's Encrypt verification requests to the second server for it to perform its own verification, and you can see the difficulties there. The easiest solutions would be those @ahrasis mentioned (DNS challenge, use a network filesystem to share the acme challenge folder, or copy the certificate from server 1 to server 2 after issue), or get another public IP address for your second server.
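One way to do the last of those options (copy the certificate from server 1 to server 2 after each issue or renewal), as an added example that is not from ISPConfig, HowtoForge or the posters in this thread: a POSIX shell script run as root on the ISPConfig host, which copies the full chain and private key over scp only when the certificate has actually changed, and then reloads nginx on the backend. The domain, the Let's Encrypt live path, the `deploy` user, the target directory, the key path and the reload command are assumptions to adapt; the backend address 192.168.49.49 is the one from the thread.

```shell
#!/bin/sh
# Added example (not ISPConfig's or the posters' code): push a renewed Let's Encrypt
# certificate from the ISPConfig/Apache host to a second server and reload nginx there.
# Run as root on the ISPConfig host; every path and name below is an assumption to adapt.
set -eu

DOMAIN="${DOMAIN:-app.example.com}"                      # assumed name of the proxied site
SRC_DIR="${SRC_DIR:-/etc/letsencrypt/live/$DOMAIN}"      # certbot live dir, assumed
STAMP="${STAMP:-/var/lib/le-sync/$DOMAIN.sha256}"        # fingerprint of the last deployed chain
TARGET_HOST="${TARGET_HOST:-deploy@192.168.49.49}"       # backend from the thread; user is assumed
TARGET_DIR="${TARGET_DIR:-/etc/ssl/$DOMAIN}"             # where nginx on the backend reads the files
SSH_KEY="${SSH_KEY:-/root/.ssh/le-deploy}"               # dedicated key used only for this job
RELOAD_CMD="${RELOAD_CMD:-sudo systemctl reload nginx}"  # needs a matching sudoers rule on the backend

# SHA-256 of the full chain in directory $1; the key is renewed together with it.
cert_fingerprint() {
    sha256sum "$1/fullchain.pem" | cut -d' ' -f1
}

# Exit status 0 when the chain in $1 differs from the fingerprint stored in $2
# (or no fingerprint exists yet), 1 when the deployed copy is already current.
cert_changed() {
    cc_now="$(cert_fingerprint "$1")"
    if [ ! -f "$2" ]; then
        return 0
    fi
    [ "$(cat "$2")" != "$cc_now" ]
}

# Copy chain and key from directory $1 to the backend, then reload the service there.
deploy_cert() {
    # StrictHostKeyChecking=yes: an unknown or changed backend host key aborts the copy
    # instead of handing the private key to whoever answers on that address.
    scp -q -i "$SSH_KEY" -o StrictHostKeyChecking=yes \
        "$1/fullchain.pem" "$1/privkey.pem" "$TARGET_HOST:$TARGET_DIR/"
    ssh -i "$SSH_KEY" -o StrictHostKeyChecking=yes "$TARGET_HOST" "$RELOAD_CMD"
}

main() {
    if cert_changed "$SRC_DIR" "$STAMP"; then
        deploy_cert "$SRC_DIR"
        mkdir -p "$(dirname "$STAMP")"
        cert_fingerprint "$SRC_DIR" > "$STAMP"
        echo "$DOMAIN: new certificate deployed to $TARGET_HOST"
    else
        echo "$DOMAIN: certificate unchanged, nothing to do"
    fi
}

# Only act when called with "run", so the functions can be sourced without side effects.
case "${1:-}" in
    run) main ;;
esac
```

Run it as `le-sync.sh run` from cron, or, if the ISPConfig host issues its certificates with certbot, from a script placed in /etc/letsencrypt/renewal-hooks/deploy/ so it fires only after a successful renewal. A common cause of "permission denied" when copying LE files is that /etc/letsencrypt/live and /etc/letsencrypt/archive are root-only and the live files are symlinks; running the copy as root on the source side and letting scp dereference the symlinks avoids that. On the backend, the `deploy` user needs write access to the target directory and a sudoers entry for the reload command only, and the key should be pinned in authorized_keys with `from="<ISPConfig host IP>"` so it is useless from anywhere else.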
     
