What's the proper way of handling this scenario?
I want all traffic to be https. I have a Linux Web server that hosts a few websites behind the UTM and they all share the same IP address (SNI). It is NGINX->Varnish->Apache and the control panel that I use can auto-renew Let's Encrypt SSL certs for each domain. I use the Sophos WAF with Let's Encrypt certs.
Am I supposed to not use the Let's Encrypt functionality of the Linux control panel and only use certs in Sophos UTM, point the WAF HTTPS Virtual Webserver to a WAF HTTP Real Webserver?
Or do I set both the Linux control panel and the UTM to auto-update Let's Encrypt certs and point the WAF HTTPS Virtual Webserver to a WAF HTTPS Real Webserver?
With the latter option, the UTM and the server will each have different certs for each domain. What issues will arise from that? What issues will be encountered with the first option?
I’m assuming the correct way of handling this situation would be to duplicate the WAF cert on the web server, or vice versa, and point the WAF HTTPS Virtual Webserver to a WAF HTTPS Real Webserver but doesn’t that mean that both the UTM and the Linux webserver are encrypting the traffic? I have no clue on how to duplicate the certs so both use the same certs. I’m confused???
This thread was automatically locked due to age.
