Let's encrypt plugin with imscp as proxy

  • @m4rv1n00


    What you mean by proxy exactly? Give us more details about the setup.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Public DNS is configured vs public IP of IMSCP installation.
    IMSCP www.domain.tld is configured as redirect (proxy) with preserve host vs webserver1 (http://internal_IP)


    IMSCP answer to https request and forward the requests to webserver1 in http.
    By hands this setup works and make imscp server to take load for SSL.
    Let me know if you need other.

  • @m4rv1n00


    As long as the HTTP ACME requests for domain validation are also proxied, there should be not problem. Eg:


    HTTP ACME requests <---> front Web server (webserver1) <---> i-MSCP server (Apache2).


    An HTTP ACME request for domain validation looks like: http://domain.tld/.well-known/acme-challenge/<token>


    To resume, there should be nothing special to do on your side other than installing the i-MSCP LetsEncrypt plugin on i-MSCP server.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • The infrastructure is
    Internet <---> i-MSCP server (Apache2) act like proxy <---> backend Web server (webserver1)


    My doubt is because an HTTP ACME request for domain validation like: http://domain.tld/.well-known/acme-challenge/<token> will be fully forwarded to backend web server but this (backend web server) will not contain .well-known/acme-challenge/<token> .

  • but
    HTTP ACME requests <---> i-MSCP server (Apache2) <---> backend Web server (webserver1)


    Is the imscp that act like proxy.

    You enable proxy feature through i-MSCP customer interface, right?


    In such case, that will work too ;) Why ? Because we don't proxy requests for path starting with /.well-known/


    Code
    1. ProxyPassMatch ^/((?!(?:\.well-known|errors)/).*) {FORWARD}$1 retry=30 timeout=7200

    See https://github.com/i-MSCP/imsc…s/domain_redirect.tpl#L24

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206