Let's Encrypt on WAF and internal servers

Hi Folks,


Just for information: I have been using UTM 9.5 with Let's Encrypt and WAF for a while now, using the scripts and manual found here.

Now that it will be natively supported in 9.6, there are some things I'm worried about.

  • I only have one external IP address
  • I'm using certificates on WAF for external access
  • I'm using certificates directly on my internal web servers, with internal DNS resolution for external use
  • I have several site-path rules to get ACME challenge acceptance
  • everything works fine with the current configuration

As far as I saw, I have to bind Let's Encrypt to an interface on port 80. As I remember, this would be exclusively available for the ACME challenge, and I could not use port 80 as a virtual server under WAF.
So I think I cannot use Let's Encrypt on the internal servers to do the ACME challenge, as I cannot forward the HTTP request to these servers.


Can you confirm my thoughts about the problems I could face?


Thanks

Carsten
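The situation described in the post, as an added example that is not part of the original post and not code from Sophos UTM: a stand-alone simulation of HTTP-01 validation (RFC 8555 section 8.3) when several hosts share one external IP on port 80. It computes the key authorization the way the ACME spec defines it (RFC 7638 thumbprint of the account key), models an edge that either forwards the challenge path to the backend owning the Host header (the site-path-rule setup) or owns port 80 exclusively for its own ACME client, and runs the CA-side check against both. The hostnames, backend addresses and account keys are constructed for the example; the moduli are placeholders, not real keys.

```python
"""
Added example (not from the original post or from Sophos UTM): simulation of
HTTP-01 challenge routing when one external IP serves several hostnames.
Hostnames, addresses and JWKs below are constructed; the "n" values are
placeholders, not real RSA moduli.
"""
import base64
import hashlib
import json

ACME_PREFIX = "/.well-known/acme-challenge/"


def b64url(data):
    """Base64url without padding, as used throughout ACME (RFC 7515 section 2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk):
    """RFC 7638 thumbprint: SHA-256 over the required members only, keys in
    lexicographic order, serialised with no whitespace.  Extra members such as
    "alg" or "kid" must not influence the result."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True,
                           separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token, account_jwk):
    """RFC 8555 section 8.1: token || '.' || base64url(thumbprint(account key)).
    This is what the challenge URL must return, so only the account that
    ordered the certificate can answer."""
    return token + "." + jwk_thumbprint(account_jwk)


class Backend:
    """An internal web server running its own ACME client with its own account key."""

    def __init__(self, address, account_jwk):
        self.address = address
        self.account_jwk = account_jwk
        self.challenges = {}  # token -> key authorization

    def provision(self, token):
        self.challenges[token] = key_authorization(token, self.account_jwk)

    def serve(self, path):
        # Anything outside the challenge prefix is normal site content (empty here).
        if path.startswith(ACME_PREFIX):
            return self.challenges.get(path[len(ACME_PREFIX):], "")
        return ""


class Edge:
    """The single external IP on port 80.  Either a WAF whose site-path rule
    forwards the challenge path to the backend that owns the Host header, or a
    listener owned exclusively by the firewall's own ACME client."""

    def __init__(self, sites, acme_exclusive, own_jwk=None):
        self.sites = sites                     # hostname -> Backend
        self.acme_exclusive = acme_exclusive
        self.own = Backend("edge", own_jwk) if own_jwk else None

    def handle(self, host, path):
        host = host.split(":")[0].lower()
        if self.acme_exclusive:
            # Nothing is forwarded: only challenges the edge provisioned itself
            # can be answered, whatever the Host header says.
            return self.own.serve(path) if self.own else ""
        backend = self.sites.get(host)
        return backend.serve(path) if backend else ""


def validate_http01(edge, host, token, expected_jwk):
    """CA side (RFC 8555 section 8.3): GET the challenge URL over plain HTTP on
    port 80 and compare the body with the key authorization of the account
    that placed the order."""
    body = edge.handle(host, ACME_PREFIX + token)
    return body.strip() == key_authorization(token, expected_jwk)


def simulate(acme_exclusive):
    """One HTTP-01 validation per hostname, each ordered by that host's own ACME
    client.  Returns {hostname: accepted}."""
    www = Backend("10.0.0.10:80", {"kty": "RSA", "e": "AQAB", "n": "www-fake-modulus"})
    mail = Backend("10.0.0.20:80", {"kty": "RSA", "e": "AQAB", "n": "mail-fake-modulus"})
    edge = Edge({"www.example.com": www, "mail.example.com": mail}, acme_exclusive,
                own_jwk={"kty": "RSA", "e": "AQAB", "n": "edge-fake-modulus"})
    results = {}
    for host, backend in edge.sites.items():
        # Deterministic stand-in for the CA's random token.
        token = b64url(hashlib.sha256(host.encode("utf-8")).digest())
        backend.provision(token)
        results[host] = validate_http01(edge, host, token, backend.account_jwk)
    return results


if __name__ == "__main__":
    print("WAF with site-path rules:", simulate(acme_exclusive=False))
    print("exclusive ACME listener:  ", simulate(acme_exclusive=True))
```

With forwarding by Host header both backends pass validation; with an exclusive port-80 listener neither does, because the CA's request never reaches the server that holds the matching account key, while challenges the edge provisioned for its own certificates still validate. Whether UTM 9.6 actually makes the listener exclusive is the question the post asks; the simulation only shows what follows if it does.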
