I created a Let's Encrypt certificate for my domain and installed my SSL certificate in the nginx reverse proxy. Now I want to secure the communication between the proxy and the backend server, also using Let's Encrypt, and I have the same domain name for both the proxy and the server. I don't want to use a self-signed certificate on the backend server. So, how can I use Let's Encrypt for both the server and the proxy?
0
If you have full control of your reverse proxy and your backend server, why wouldn't you want a self-signed certificate? Do you trust Let's Encrypt more than you trust your server admin (yourself)? And if so, isn't the server admin still intimately involved in the process, so is still the weakest link? – Dec 05 '19 at 18:18
2 Answers
0
Assuming your backend has a valid DNS name in a zone that you own, then yes, you can generate a cert for it. Since it is the backend, you will probably need to use the DNS-01 challenge instead of the HTTP-based challenge. This probably means you need to be using a DNS provider that supports some form of dynamic update.

Zoredache
-1
If I understand the response in this link, "Which ssl certificates go where on an reverse proxy? - nginx", I found that the Let's Encrypt certificate can generate an internal certificate for the backend server, but I don't know how this process is performed.

rita
This is not an answer. Do a search on how to generate certificates and, if something is not clear, ask a question. – Piotr P. Karwasz Dec 06 '19 at 08:32