Update automatically https certificates

NethServer Version: 7
Module: Server certificate

Hi, I have Nethserver installation (v7) with a proxy pass configuration that redirect 80 and 443 requests to two internal server (debian and windows 2016).
I would like to know if there are some methods to update automatically server certificates or I have to update it manually (because let’s encrypt wants 80 e 443 opened to server that request certificates update).

Thanks.

There’s a solution by @danb35 to manage the certificate via DNS instead of HTTP in the wiki but your DNS provider has to support it.

If you use reverse proxy like redirecting from http://yournethserver/someserver to http://someserver let’s encrypt should just work (including autorenewal). You are only redirected when browsing to http://yournethserver/someserver so letsencrypt should have no problems with port 80.

2 Likes

The redirect is in a file in httpd directory.

https://mydomain.ext to https://server_ip

…and there’s a separate method I’ve written up here that will work with any DNS provider, as long as you can set CNAME records. I wrote it with the intent of its being used for wildcard certs, but it will work for any type of cert you want.

3 Likes

These solutions are for nethserver installation, correct?
But I have to renew certificates also on debian and windows server or it’s not useful?

Thank you.

The specific step-by-step details are for a nethserver installation, but the techniques would work for any system. If you set up an acme-dns server on your Neth box, any of your systems could use that.

Ok. Thanks…

  • Anyone know if I have to update also debian and windows certificates or only nethserver certificates?
  • And… is there a method to have valid certificates more than six months?

Thank you.

When you use reverse proxy, the Nethserver certificate is used, so maybe there’s no need to update the other certs.

1 Like

Let’s Encrypt certs are only valid for 90 days, and no, there’s no way to get longer lifetimes on them–though if your renewal process is set up properly, there’s also no need for longer validity.