This discussion has been locked.

[HOWTO] Let's Encrypt

Hi all,

I have got a fully working Let's Encrypt setup for multiple domains of my Web Application Firewall on my Sophos UTM 9.4!

On GitHub I have written a manual on how to set it up on your UTM as well. Currently it has a few manual steps to set it up, but I might script this in the future as well.

https://github.com/rklomp/sophos-utm-letsencrypt

Comments, questions and improvements are welcome! And please leave a message if you have got it working as well.

Have fun!

René



  • I have spent many hours on this. First I would have used a wildcard, but I noticed it's not (yet) supported.

    So, first I will use only the cert for "sub.domain.de".

    If I edit the domain config in my case to "ACL=('ssh:administrator@sub.domain.de:/var/www/html/.well-known/acme-challenge')"

    the script would connect to the public IP instead of the webserver behind the WAF.

    The same with "ssh-copy-id <user>@<server>",

    so I have to use the "internal" IP of the webserver behind the WAF -> ssh-copy-id administrator@192....

    Is it possible to use the IP for ACL=? If I use the IP in the ACL, I get an error: getssl: problem copying file to the server using scp.
            scp /root/.getssl/sub.domain.de/tmp/... administrator@192....:/var/www/html/.well-known/acme-challenge/...

    With "ssh -i /root/ssh_key_file administrator@192...." I can connect to the webserver behind the WAF.

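The situation in the reply above is that two different hosts have to be reached under one name: scp must land on the web server behind the WAF, while the ACME validator (and anything testing the challenge) must go through the WAF's public address. One way to get both without putting an IP into the ACL string is an ssh_config Host alias, which ssh and scp both honour: the ACL keeps the public hostname, and ssh quietly connects to the internal address with the right key. The script below is an added example, not code from the original post or from the getssl or sophos-utm-letsencrypt projects; the internal address 192.0.2.10 is a placeholder for the truncated "192...." in the post, and the user, hostname, key path and challenge directory are taken from the post. After installing the alias it drops a probe token on the backend and fetches it through the WAF, which is the same round trip an HTTP-01 validation makes.

```shell
#!/bin/sh
# Added example: make a getssl-style "ssh:user@host:/path" ACL reach the
# web server behind a WAF while the public name still goes to the WAF.
# Assumed values: 192.0.2.10 (internal IP, placeholder), /root/ssh_key_file,
# sub.domain.de and the acme-challenge path as in the forum post.
set -u

ACL='ssh:administrator@sub.domain.de:/var/www/html/.well-known/acme-challenge'
INTERNAL_IP='192.0.2.10'
KEY_FILE='/root/ssh_key_file'

# Split "ssh:user@host:/path" into its parts (parameter expansion only, no sed).
acl_user() { rest=${1#ssh:}; echo "${rest%%@*}"; }
acl_host() { rest=${1#ssh:}; rest=${rest#*@}; echo "${rest%%:*}"; }
acl_path() { rest=${1#ssh:}; rest=${rest#*@}; echo "${rest#*:}"; }

# ssh_config stanza: "ssh host" and "scp ... host:..." then connect to the
# internal IP with the given key, while DNS for "host" is left untouched.
ssh_config_stanza() {
  printf 'Host %s\n    HostName %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' "$1" "$2" "$3"
}

# URL an ACME server fetches for an HTTP-01 token (plain HTTP on port 80).
challenge_url() { echo "http://$1/.well-known/acme-challenge/$2"; }

# Append the stanza to the ssh config once (idempotent); $SSH_CONFIG overrides
# the location so it can be exercised against a scratch file.
install_stanza() {
  cfg=${SSH_CONFIG:-$HOME/.ssh/config}
  host=$(acl_host "$ACL")
  mkdir -p "$(dirname "$cfg")"
  if grep -qs "^Host $host\$" "$cfg"; then
    return 0
  fi
  ssh_config_stanza "$host" "$INTERNAL_IP" "$KEY_FILE" >> "$cfg"
  chmod 600 "$cfg"
}

# Round trip: scp a random probe token to the backend (via the alias, so it
# goes to the internal IP), fetch it at the public name (via DNS, so it goes
# through the WAF), then clean up. Returns non-zero if the bodies differ,
# which is exactly the case in which a real HTTP-01 challenge would fail.
check_challenge() {
  user=$(acl_user "$ACL"); host=$(acl_host "$ACL"); path=$(acl_path "$ACL")
  token=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
  tmp=$(mktemp)
  echo "probe-$token" > "$tmp"
  scp -q "$tmp" "$user@$host:$path/$token"
  body=$(curl -fsS "$(challenge_url "$host" "$token")" || true)
  ssh "$user@$host" "rm -f '$path/$token'"
  rm -f "$tmp"
  [ "$body" = "probe-$token" ]
}

main() {
  install_stanza
  if check_challenge; then
    echo "OK: token placed via ssh alias and served through the WAF"
  else
    echo "FAIL: token not served at $(challenge_url "$(acl_host "$ACL")" '<token>')" >&2
    return 1
  fi
}

# The network steps only run when explicitly requested: sh this_script.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

Run it as root (getssl's own user on the UTM) so the stanza lands in /root/.ssh/config; ssh-copy-id can then also be pointed at the public name, since it reads the same config. The alias does nothing for HTTPS clients, so curl in check_challenge still hits the WAF, which is the point of the test.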
