On Sat, Dec 1, 2018 at 9:18 PM Joel Linn <[email protected]> wrote:
>
> Hi,
>
> I want to use letsencrypt for services in my intranet.
> The acme protocol demands that a challenge response is published under
> http://certname.domain.tld/.well-known/acme-challenge/xyz
> All subdomains under domain.tld get forwarded from the internet to a
> haproxy on the intranet.
>
> What I need haproxy to do is to simply proxy those requests to the
> services that are resolved by local split dns where the challenge
> response is hosted.
> Having a rule to filter /.well-known/acme-challenge/ is easy of
> course...
> I'm having trouble finding out what the backend configuration needs to
> be.
> I figured this would be possible with lua but I hope there is a cleaner
> solution.
>
> Thanks for your help,
> Joel
>
For people that have a desire to use letsencrypt for intranet services, might I suggest using DNS-01 instead of HTTP-01. Using DNS-01, the hostname does not have to be accessible from the Internet (obviously the domain name does).

Rather than using certbot, I would suggest acme.sh for the smaller footprint, and larger number of supported DNS providers https://github.com/Neilpang/acme.sh

Cheers
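For anyone who still needs the HTTP-01 forwarding Joel asked about rather than DNS-01, the configuration below is an added example, not from either poster. It assumes HAProxy 2.0 or newer (the `do-resolve` action is not in the 1.x releases current when this thread was written), an internal split-DNS server at the made-up address 10.0.0.53, the `.domain.tld` suffix from Joel's message, and intranet services answering on port 80. Only the ACME challenge path is forwarded, and only for names under the expected zone, so an arbitrary Host header cannot be used to steer requests at other intranet addresses.

```haproxy
# Added example: forward only /.well-known/acme-challenge/ to the intranet
# host that split DNS returns for the requested name (HAProxy >= 2.0).

resolvers intranet
    nameserver internal 10.0.0.53:53     # assumed: the split-DNS server
    resolve_retries 3
    timeout resolve  1s
    timeout retry    1s

frontend http-in
    bind *:80
    mode http

    # Only the ACME challenge path is eligible for dynamic forwarding.
    acl is_acme  path_beg /.well-known/acme-challenge/
    # Strip any :port from Host and require the name to be under our own
    # zone, so a request cannot be pointed at an unrelated intranet host.
    acl our_zone req.hdr(host),field(1,:),lower -m end .domain.tld

    # Resolve the requested name through the intranet resolver and keep the
    # answer in a per-transaction variable; nothing is set if lookup fails.
    http-request do-resolve(txn.acme_ip,intranet,ipv4) req.hdr(host),field(1,:),lower if is_acme our_zone
    http-request deny deny_status 404 if is_acme !{ var(txn.acme_ip) -m found }

    use_backend acme_passthrough if is_acme { var(txn.acme_ip) -m found }
    default_backend no_service           # replace with the normal backend(s)

backend acme_passthrough
    mode http
    # Send the connection to the resolved address; the server line is only a
    # placeholder that set-dst/set-dst-port override per request.
    http-request set-dst var(txn.acme_ip)
    http-request set-dst-port int(80)
    server dynamic 0.0.0.0:0

backend no_service
    mode http
    http-request deny deny_status 404
```

Because the resolver is the internal one, the same `certname.domain.tld` that the public DNS points at the edge resolves here to the intranet box actually serving the challenge file, which is what the split-DNS setup in the question relies on.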

