Ok but this is already in production. Considering that glpi at least I don’t think I can use the same name le, I should request another le for the new virtualhost. Or on domainname glpi can I insert the existing one?
add to LE the new vhost of glpi ???
Of course , if the new virtual host on glpi domain name has a different name , I can’t use the same LE certificate with a different name . Example if I already run myoldhost.ddns.net and on glpi I create a new virtual host with the name newhost.ddns.net , I can not use LE of the old one with the new host , because it refers to the correspondence of the name fqdn ( oldhost.ddns.net ) with any newhost.ddns.net having in common only the wan ip but the different fqdn name . At least my acquaintances stop here!
Well without a map of your network with IP and servers I cannot state on your issue
For me it is not a problem but my time is really limited and I put too much here. You can continue to use glpi as before it is safe enough
1 Like
Certainly, in fact the problem is limited to the information I have provided, which is always limited. Thank you very much for taking the time to me despite all your commitments. The important thing is to have given me some indications on which I can reflect and understand to find a solution.
1 Like
tried to precise my mind, this was not a good day, I would want to apologize because I have been harsh
https://wiki.nethserver.org/doku.php?id=glpi-latest#settings
2 Likes
You don’t have to apologize for anything, you weren’t absolutely rude.
In fact, I am always surprised how you can manage so many posts and help so many users to solve more or less important problems. Thank you for the other information you have provided me.
1 Like
tested again last evening and never find a way to suppress the warning without a virtual host, the doc of glpi states to make a virtual host so we have a never end issue. on spare time we could start a private chat and to share your concerns relevant to LE, I did not catch it because I do not see what is different with before, there was no LE capacity with the URL IP/glpi
Thanks sthepan for taking charge of this problem , although of superficial relevance . last night I tried on the test server and with the parameters of the domain name it only works from the lan . The other server always loads the nethserver home page. Moreover, in my network I found an incorrect parameter on the ruter regarding the port 443 that I put in place. However, when you want, we talk to chat and see to understand the problem, which in my opinion I would like to solve only for pure technical spirit. I really thank you regardless of the solution, for the availability you have with everyone !!!
1 Like
Another difference , although the servers are very similar and use for glpi php 81 … I noticed this :
From the left the test server works only from the lan with the domain name of glpi, on the right the server that really doesn’t want to know …
I attach these images even if they probably have nothing to do with the problem …
phpVersion comes from my old module phpScl I suppose
blind shot
form external you need to route 80 and 443 from your router to the IP of this Nethserver, or create a VPN to and set a DNS Server when you use the VPN. I have something similar to use the DNS of my LAN when I am outside and I virtualize on the proxmox inside my LAN
check apache logs ssl_access* ssl_error* error* access*
We probably have a very similar configuration as my neth has been on proxmox for 4 years. Then the main server or quantico.ddns.net ( is an alias ) , runs with in LAN , From the router there is a DMZ towards my pfsense , which rotates all ports and all protocols . From there, I created dnat rules towards neth server, activating the pure nat and making it practically published or better accessible from the wan. Always with neth server via reverse proxy , I rotate services to other hosts in lan , such as guacamole , zabbix and more , using the https LE service of neth LE reverse proxy . For the internal dns I use pfsense , which depending on the resolution domain rotates the correct target . Part of the quesry dns however are served by pi-hole who as primary dns uses pfsense who decided where to forward the resolution of the names. However, to understand better you should see, because to explain it in words it is complex and does not make the deia good. moreover nethserver and other services are accessible from the outside via openvpn or ipsec with road warrior certificate and authentication in AD via nethserver.
1 Like
I analyzed the ssl_access.log log
192.168.8.66 - - [12/Oct/2023:06:46:00 +0200] “-” 408 -
151.81.197.182 - - [12/Oct/2023:06:47:27 +0200] “-” 408 -
1 Like