Topic: [SOLVED] LE: multiple domains with different WAN IPs, individual certificates (Read 3111 times)
browne (Newbie, Posts: 22, Karma: 0)
[SOLVED] LE: multiple domains with different WAN IPs, individual certificates
« on: February 25, 2021, 10:42:40 am »
Hello,
I have set up my OPNsense as a reverse proxy using HAProxy and Let's Encrypt.
Right now I only have one certificate for my domain1.browne.com that has WAN1_IP.
However I need another certificate for my domain2.browne.com that has WAN2_IP.
My setup looks like this:
WAN1_IP (10.1.1.1) --> domain1.browne.com --> already uses a LE certificate (certificate1)
WAN2_IP (10.1.1.2) --> domain2.browne.com --> doesn't use LE certificate, but needs one (certificate2)
I know how to create the 2nd WAN interface and all that...
But how do I tell the ACME client to use WAN1 to generate certificate1 and use WAN2 for certificate2?
When I try to get certificate2, the ACME client on OPNsense always uses the default gateway, which in my case is WAN1 (10.1.1.1). The certificate generation then fails because certificate2 is resolving domain2 (10.1.1.2) during the ACME challenge. So the IP (WAN1) requesting the certificate (certificate2) does not match the IP of the domain (domain2) listed inside the certificate.
« Last Edit: February 26, 2021, 02:52:19 pm by browne »

Greelan (Hero Member, Posts: 1028, Karma: 72)
Re: Let's Encrypt: multiple WAN IPs with individual certificates
« Reply #1 on: February 25, 2021, 11:15:29 am »
Not really sure what you are asking. LE issues certificates for domains, not IPs. Presumably you can have certs issued for whatever domains you want nginx to listen on, and have DNS records for each domain that point to the WAN IP that you want to reach that domain on? Maybe I have just misunderstood what you are after.

browne (Newbie, Posts: 22, Karma: 0)
Re: Let's Encrypt: multiple WAN IPs with individual certificates
« Reply #2 on: February 25, 2021, 11:42:27 am »
I know that LE issues certificates for domains not IPs.
I updated the first post.
« Last Edit: February 25, 2021, 12:07:02 pm by browne »

Greelan (Hero Member, Posts: 1028, Karma: 72)
Let's Encrypt: multiple domains with different WAN IPs, individual certificates
« Reply #3 on: February 25, 2021, 12:24:42 pm »
Ah, just saw your revisions. So have edited my post too!
Maybe switch to DNS challenge to get around this issue?
« Last Edit: February 25, 2021, 12:26:49 pm by Greelan »

smyers119 (Newbie, Posts: 39, Karma: 2)
Re: Let's Encrypt: multiple domains with different WAN IPs, individual certificates
« Reply #4 on: February 25, 2021, 03:18:31 pm »
Services --> Let's Encrypt --> Challenge Type
Make a new HTTP challenge using the 2nd WAN.

browne (Newbie, Posts: 22, Karma: 0)
Re: Let's Encrypt: multiple domains with different WAN IPs, individual certificates
« Reply #5 on: February 25, 2021, 05:09:17 pm »
Quote from: smyers119 on February 25, 2021, 03:18:31 pm
Services --> Let's Encrypt --> Challenge Type
Make a new HTTP challenge using the 2nd WAN.
In the meantime someone in the German forum already told me to do so.
But thank you still!
This works perfectly fine.
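
The failure and the fix discussed in this thread, as an added example that is not part of the original posts: under HTTP-01 the CA fetches the token over HTTP from the address the domain resolves to, so the token has to be answered on that WAN. Loopback ports stand in for the two WAN IPs, and the tokens, key authorizations and the helper names `start_listener` and `ca_validate` are constructed for the demonstration.

```python
import http.client
import http.server
import threading

ACME_PATH = "/.well-known/acme-challenge/"

def start_listener(tokens):
    """Serve HTTP-01 responses on a loopback port that stands in for one WAN IP."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            body = tokens.get(self.path[len(ACME_PATH):]) if self.path.startswith(ACME_PATH) else None
            self.send_response(200 if body else 404)
            self.end_headers()
            if body:
                self.wfile.write(body.encode())
        def log_message(self, *args):  # keep the demo quiet
            pass
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def ca_validate(domain, token, key_auth, dns):
    """Do what the CA does: fetch the token from the address the domain resolves to."""
    host, port = dns[domain]
    conn = http.client.HTTPConnection(host, port, timeout=3)
    try:
        conn.request("GET", ACME_PATH + token)
        resp = conn.getresponse()
        return resp.status == 200 and resp.read().decode() == key_auth
    except OSError:
        return False
    finally:
        conn.close()

def demo():
    wan1_tokens, wan2_tokens = {}, {}
    wan1, wan2 = start_listener(wan1_tokens), start_listener(wan2_tokens)
    # Constructed DNS view: each domain points at its own WAN stand-in.
    dns = {"domain1.browne.com": wan1.server_address, "domain2.browne.com": wan2.server_address}
    orders = {"domain1.browne.com": ("tok1", "tok1.thumb"), "domain2.browne.com": ("tok2", "tok2.thumb")}
    # One challenge for everything: both tokens are answered on WAN1 only.
    wan1_tokens.update(dict(orders.values()))
    single = {d: ca_validate(d, t, k, dns) for d, (t, k) in orders.items()}
    # A second HTTP challenge on WAN2 answers domain2's token where its DNS record points.
    wan2_tokens.update([orders["domain2.browne.com"]])
    per_wan = {d: ca_validate(d, t, k, dns) for d, (t, k) in orders.items()}
    for srv in (wan1, wan2):
        srv.shutdown()
        srv.server_close()
    return single, per_wan
```

Calling `demo()` returns the validation results for the single-challenge setup and for the per-WAN setup; only domain2 differs between them.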