How to renew the SSL(letsencrypt, certbot) certificate in this case?

D

DVoropaev2017-09-26 18:18:53

linux

DVoropaev, 2017-09-26 18:18:53

There are two sites on one IP.
Only one site (site 1) lies on the host itself (which owns the IP), and another site (site 2) is being proxyed.

For those not in the know, certbot works like this:

(spoiler)

certbot запускается на хосте, создает некоторую страницу, затем CA (центр сертификации letsencrypt) обращается к сайту по DNS, и если находит эту страницу, то подтверждает работу certbot'а, и выдает сертификат.

Site 1 succeeded in updating certificates. what about the second site (host 2)?
I don't have access to the second host.

here is the config for the second site:

(spoiler)

<VirtualHost *:80>
      ServerName <sitename>
      Redirect permanent / https://<sitename>.net/
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin *********@**.ru
    ServerName  <sitename>

    SSLEngine On
    ErrorLog  /var/log/httpd/<sitename>.log
    CustomLog /var/log/httpd/<sitename>.net_access.log common

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyVia Block
    <proxy *>
        Order deny,allow
        Allow from all
    </proxy>

    ProxyPass        /  http://17<ip_скрыт>2/
    ProxyPassReverse /  http://17<ip_скрыт>2/
</VirtualHost>

There is such an idea:
1) Create a stub (possibly on the first host).
2) Redirect traffic to the stub
3) get certificates on the stub
4) return everything to its place, and transfer the certificates to the owner of the second host.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vladimir Skibin, 2017-09-26
@megafax

Can you try to forward all this stuff through nginx ? We close both sites via nginx, in each we enter that for location /.well-known/acme-challenge we take files from one place (the one that we specify as docroot for certbot), and we proxy everything else to Apache (1 site) and to a third-party host (2 site)