Ja1024

How did I obtain a wildcard SSL certificate without port 80 opened for a challenge?

I wanted to secure my apps running in a private subnet with SSL. Albeit not necessary, it is very nice to have.

Because of my constant changes, I opted for a wildcard SSL certificate through my DNS provider Cloudflare by providing Nginx Proxy Manager the necessary API token.

I generated the wildcard certificate with port 80 of the server closed to the public internet, and expected it to fail. Since Let's Encrypt required me to run a web server listening at port 80 to complete the challenge, I thought that a wildcard certificate would also require the same setup.

However, to my pleasant surprise, I was able to obtain the cert and use it for my proxied apps. I would like to know how this was accomplished without Let's Encrypt reaching my server through port 80 and completing the ACME challenge.

Thank you for reading.