Hi all,
I have been trying for weeks to get Let's Encrypt working for my home network and a machine accessible behind my firewall. I am totally lost now and getting frustrated after following dozens of tutorials.
I would really appreciate it if somebody could give me a hint and point me in the right direction.
What I have:
1) OPNsense connects to my carrier with a dynamic IPv4
2) Set up a DuckDNS account; this gets updated every night
3) I have a domain and created a subdomain (baerl.die-zurhorsts.de) with a CNAME record pointing to DuckDNS. This works as well.
Now to the mess internally:
1) I am unsure about the correct naming of my (virtual) machines in my home network.
I tried it with fake domains as well as correct FQDNs:
- testweb.zurhorst.baerl
- testweb.baerl.die-zurhorsts.de
2) I started with the fake domain (zurhorst.baerl), transitioned to the subdomain (baerl.die-zurhorsts.de) and changed back to the zurhorst.baerl thing.
3) At least HAProxy is working on port 80. A certificate has also been created, but it is not used. (https://testweb.baerl.die-zurhorsts.de/ points to the same web server.) How the hell does the LE certificate get onto the web server??? Is this a manual step, or is it automated behind the scenes?
What is my goal:
- Simply put, I would like to have all communication between my servers secured with LE certificates.
But it starts with the appropriate naming "strategy", which then impacts the LE challenge types, etc. And if possible, I would actually prefer my "fake domain" naming for the local domain (zurhorst.baerl), since it is shorter. All external stuff shall be routed through HAProxy.
- Finally, it would be great if my OPNsense could stay on its default port internally (https://opnsense.zurhorst.baerl:443) without being accessible from the Internet.
I have the feeling that every single tutorial is lacking a tiny piece of information. ::)
Hints are really welcome!
Thank you in advance,
Marcus
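As an added diagnostic for the "certificate created but not used" symptom above (this is not part of Marcus's post), the following Python script connects to a name such as testweb.baerl.die-zurhorsts.de, reports which certificate HAProxy actually serves, and checks whether its SANs cover the requested name; the hostname is taken from the post and the sample certificate dict is constructed for offline checks.

```python
# Shows which certificate a TLS endpoint really serves and whether it covers
# the requested name. Added diagnostic; the hostname is the one from the post.
import socket
import ssl

# Constructed sample in the shape ssl's getpeercert() returns, for offline checks.
SAMPLE_CERT = {"issuer": ((("organizationName", "Let's Encrypt"),),),
               "subjectAltName": (("DNS", "testweb.baerl.die-zurhorsts.de"),)}

def san_hostnames(cert: dict) -> list:
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(hostname: str, pattern: str) -> bool:
    """Exact match, or a wildcard that replaces only the leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat) or len(pat) < 2:
        return False
    if pat[0] == "*":
        return host[1:] == pat[1:]
    return host == pat

def cert_covers(hostname: str, cert: dict) -> bool:
    return any(name_matches(hostname, n) for n in san_hostnames(cert))

def issuer_org(cert: dict) -> str:
    """Issuer organization, e.g. "Let's Encrypt"; a default/self-signed cert differs."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return "<unknown>"

def diagnose(hostname: str, port: int = 443) -> str:
    """Verify the chain with the system CA store, but check the name ourselves for a clearer report."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    try:
        with socket.create_connection((hostname, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return f"{hostname}: chain NOT trusted ({exc.verify_message}); likely a default/self-signed cert"
    if not cert_covers(hostname, cert):
        return f"{hostname}: trusted cert from {issuer_org(cert)} but it only covers {san_hostnames(cert)}"
    return f"{hostname}: OK, cert from {issuer_org(cert)} covers the name"

if __name__ == "__main__":
    print(cert_covers("testweb.baerl.die-zurhorsts.de", SAMPLE_CERT))  # offline: True
    print(diagnose("testweb.baerl.die-zurhorsts.de"))  # live check against HAProxy
```

If the live check reports an untrusted chain, HAProxy is still presenting its default certificate rather than the one issued by Let's Encrypt; if it reports a trusted certificate that covers a different name, the certificate was deployed but for the wrong hostname.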