Hello everyone, I have an ispconfig+debian server behind a firewall with haproxy that is unable to generate SSL certificates with acme.sh for the websites (NOT for the ispconfig gui). Since the server's IP is obviously private, I believe the reason it's not working is because the IP is not under a 1:1 NAT and therefore not reachable on the internet. In other similar situations, but without ispconfig, I've always solved it by forcing letsencrypt to use the webroot. Do you know if it's possible to obtain a certificate using webroot even with ispconfig? If yes, can you provide me with some additional information? Thank you all.
IP addresses do not matter for LE to issue certs, so that's not the cause. ISPConfig always uses http auth, which is the auth method that is used by web root. Go trough the Let's encrypt error FAQ to find the reason why LE certs can not be issued: https://forum.howtoforge.com/threads/lets-encrypt-error-faq.74179/ In your case, probably step 4 is really relevant.
