Idk if I understood the problem correctly, but you can renew with DNS challenge, if the real server is not reachable directly.
Comment on How do you get a certificate for an internal domain?
brownmustardminion@lemmy.ml 6 days ago
There’s no certificate at the VPS level. It forwards everything to and from the self hosted reverse proxy.
Now that you mention it though, there may be a slight complication with pinning the reverse proxy to the domain API for cert renewals. I’ll have to check how I have mine configured but I may have given my reverse proxy an IPv6 and configured that for cert renewals.
That would mean some downtime as you update the IP if your ISP rotates it.
kossa@feddit.org 6 days ago
thelittleblackbird@lemmy.world 6 days ago
Still, it is not clear to me how the internal reverse proxy may get a valid certificate when the domain name is pointing to the VPS. Do you copy it later manually to the internal proxy?
And if so, how do you overcome the invalid certificate warning when you are accessing your services locally?