I am using the Apache in Nethserver as a virtual host and I want to use Let’s Encrypt for this virtual hosts (Linux/Windows).
If I create a certificate for the gateway using Let’s Encrypt: No Problem.
If I add an addional name using the following Syntax and create a new certificate, it will fail
db hosts setprop alias.mydomain.com LetsEncrypt enabled
That is fails, is due to the fact, that Let’s Encrypt is doing the following:
- It creates a temporary file on your webserver
- It queries the validation from Let’s Encrypt => The Let’s Encrypt servers will try to contact your webserver and download the temporary file
- If the file is valid, the domain is approved
- 2+3 will be repeated for every domain
- if every domain was valid, you will receive the certificate
The Problem is now:
nethserver.mydomain.com is the certificate for the Gateway (works)
I have two virtual hosts configured in the apache:
app1.mydomain.com (Linux Webserver)
app2.mydomain.com (Windows Webserver)
When I try to create one certificate for all three domains, it will fail. The reason is, that the validation-query from let’s encrypt will be redirected to the the app1 and the app2 server. The validation-file is not available on that hosts, because the script placed in the directory on the nethserver.
So, what I can do?
- Run let’s encrypt on the virtual hosts. The certificate will be successfully created, but: The virtualhost has to get the pem-file somehow automatically right after the certificate is created everytime. The advantage of this will be, that I will not have one certificate for all my domains (that I prefere, because nobody should know, that there is nethserver.mydomain.com).
- Get a way to let Nethserver answer the validation-queries of Let’s Encrypt. I don’t have a clou how to do that and if that is possible (automatically on every renew). The negative aspect is, that the nethserver.mydomain.com-address will be in every certificate.
Do you have any Ideas, hints, workarounds, …?