[solved] Let's Encrypt and NAT

  • Hi,

    I am trying to use the Let's Encrypt plugin, but it is not possible for me. The acme-challenge fails because my server has no public IP; I use NAT to make the server accessible from the public internet. So the server can't connect to itself via its public IP.

    If I add the domain to the local /etc/hosts with the RFC1918-IP, it works, but I don't want to add all domains to this file.

    What can I do?


  • I think it depends on your router and how it manages this kind of request.
    In my situation (server behind NAT) there's a special configuration I had to do on the vSphere router in order to manage this kind of traffic. For VMware it's called "pinhole".

    Hope it helps,
    bye Kess.

  • @RodNoc

    Basically, the problem is on the frontend side of the plugin, which tries to validate the domain reachability by connecting locally. So, you could maybe just disable the check manually (comment out the related code part) in the plugin frontend file. For the next version, it is planned to remove those checks anyway and rely only on the Let's Encrypt answer, because many users are in the same situation.

    Another solution would be an i-MSCP listener file that would add the domain automatically (with the correct private IP) into the /etc/hosts file.


  • Hi,

    I changed the check: in line 136 of the client-frontend I changed $domainName to 'panel.mydomain.tld'.
    So I only need the hosts-entry for the panel, not for every (sub)domain.

    Thank you, I will wait for the next release :)
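
The /etc/hosts workaround discussed in this thread, as an added example that is not part of any post and is not i-MSCP or plugin code: a helper that keeps one managed block of domain-to-private-IP entries in hosts-file text, so repeated runs replace the block instead of appending duplicates. The function name, the block markers and the sample address and second domain are assumptions; it only accepts RFC 1918 addresses and rejects names that could inject extra entries.

```python
import ipaddress

# Hypothetical markers delimiting the block this helper owns.
BEGIN = "# BEGIN nat-loopback (managed)"
END = "# END nat-loopback (managed)"

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def render_hosts(current, private_ip, domains):
    """Return hosts-file text with a managed block mapping domains to private_ip."""
    ip = ipaddress.ip_address(private_ip)
    if not any(ip in net for net in RFC1918):
        raise ValueError(f"{private_ip} is not an RFC 1918 address")
    for name in domains:
        # Whitespace or '#' in a name would add or comment out hosts entries.
        if not name or any(c.isspace() or c == "#" for c in name):
            raise ValueError(f"invalid domain name: {name!r}")

    # Keep every line outside a previously written managed block.
    kept, inside = [], False
    for line in current.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    while kept and not kept[-1].strip():
        kept.pop()  # drop trailing blank lines so output stays stable

    block = [BEGIN] + [f"{ip}\t{d}" for d in sorted(set(domains))] + [END]
    return "\n".join(kept + block) + "\n"


# Constructed sample input; a real run would read and write /etc/hosts as root.
SAMPLE_HOSTS = "127.0.0.1\tlocalhost\n"

if __name__ == "__main__":
    print(render_hosts(SAMPLE_HOSTS, "192.168.1.10",
                       ["panel.mydomain.tld", "www.mydomain.tld"]), end="")
```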