Comment on How do you get a certificate for an internal domain?
thelittleblackbird@lemmy.world 1 week ago
Question, how do you deal with the certificates if you have an external vps doing passthrough?
Because that certificate will not match the domain name of the vps and then everything will fail or at least trigger a lot of alerts.
I really fail to see how an internal backend in a different subnet can send the right certificate.
brownmustardminion@lemmy.ml 1 week ago
There’s no certificate at the VPS level. It forwards everything to and from the self hosted reverse proxy.
Now that you mention it though, there may be a slight complication with pinning the reverse proxy to the domain API for cert renewals. I’ll have to check how I have mine configured but I may have given my reverse proxy an IPv6 and configured that for cert renewals.
That would mean some downtime as you update the IP if your ISP rotates it.
thelittleblackbird@lemmy.world 1 week ago
Still, it is not clear to me how the internal reverse proxy may get a valid certificate when the domain name is pointing to the vps. Do you copy it later manually to the internal proxy?
And if so, how do you overcome the invalid certificate warning when you are accessing your services locally?
kossa@feddit.org 1 week ago
Idk if I understood the problem correctly, but you can renew with DNS challenge, if the real server is not reachable directly.