Two servers run on two Pis with different domain names both running through a BTHub6...


The title may sound improbable but they run quite happily until I try to get SSL certificates.

I have two servers on two separate Pi4Bs, let's say, server A and server B. They are both on the same home network using a BTHub6. They are not servers for public use but are for my use alone. I am trying to get SSL certificates via "Let's Encrypt". I have tried a UFW firewall but get issues with "no-ip" and for example, "" getting access for admin purposes.

The server A is being used for cloud storage and uses a domain name. I have not attempted to apply for a certificate with regard to the second server B yet.

I have one external IP. The “cloud domain name” is directed to a DDNS hostname which then arrives at the BTHub6 network router at external port 8080. The server (B) is also directed to the same DDNS hostname but to external port 80 at the router.

At the router the "cloud domain name" uses an external port 8080 and internal port 80 to the “cloud Pi” (server A). That works just fine. The server B uses external port 80 and internal port 80 on the second Pi (B). That again works fine but not if I swap the use of the external 8080 port to the second server and the external port 80 to the cloud server. The cloud server A works but not the server (B). Why would this be?

I am told by "Let's Encrypt..." that the external port for the cloud domain server (A) must be 80 as well.

I am complying with all other Let's Encrypt requirements ... i.e. no other server is using 80 and the index page of apache2 is accessible from the Internet. "Let's Debug" reports “All OK.”

I am advised that I must: "Have one of your servers handle all the incoming requests. Act as a reverse proxy to your other server for just certain requests. That is the typical setup for Let's Encrypt."

Can someone help me with what that actually means? I actually thought that that was what I was using but apparently not so. I have apparently been using the router to divert the traffic and not one of the Pis. This is not "a good thing" from what I am told.

Maybe I should just rely on http and very good passwords and forget SSL?

Any help/explanation gratefully accepted.
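
The reverse-proxy arrangement quoted in the post, sketched as an added example that is not part of the original post: the router forwards external port 80 to one Pi only, and that Pi's apache2 picks the destination from the requested hostname. The hostnames, the LAN address 192.168.1.20 and the webroot path are placeholders, and the choice of server B as the front Pi is an assumption.

```apache
# Added example (constructed), for the Pi that receives external port 80.
# cloud.example.org, serverb.example.org, 192.168.1.20 and /var/www/html
# are placeholders, not values from the post.
# Needs the proxy modules enabled first: a2enmod proxy proxy_http

# Server B's own site, served directly by this Pi.
<VirtualHost *:80>
    ServerName serverb.example.org
    DocumentRoot /var/www/html
</VirtualHost>

# The cloud domain arrives on the same port 80 and is told apart
# by the Host header, then relayed across the LAN to server A.
<VirtualHost *:80>
    ServerName cloud.example.org
    DocumentRoot /var/www/html

    # Keep Let's Encrypt HTTP-01 challenge files on this Pi so the
    # certificate for the cloud name can be issued and renewed here.
    # This exclusion must appear before the general ProxyPass line.
    ProxyPass /.well-known/acme-challenge/ !

    # Pass the original Host header through so server A sees
    # the cloud domain name rather than its LAN address.
    ProxyPreserveHost On

    # Everything else for this name goes to server A's apache2.
    ProxyPass        / http://192.168.1.20:80/
    ProxyPassReverse / http://192.168.1.20:80/
</VirtualHost>
```

With this in place the router needs only one port-80 forwarding rule, to the front Pi, and both domain names are reachable on external port 80 as the Let's Encrypt HTTP-01 check expects.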


