Vhtforums
AI Assistant
Replace SSL certifi...
 
Notifications
Clear all

Replace SSL certificates on home lab

2 Posts
2 Users
0 Reactions
1,039 Views
Posts: 1
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
(@mauriciovergara)
New Member
Joined: 1 year ago
[#376]

Hi: I have some internal labs of public websites (WP and J) I manage (some kind of stage server), but when I start the lab one, I am getting many errors with the SSL certificate (those are from Let's Encrypt)

I am thinking replacing the SSL cert on the lab but due them dont have Internet access, that's not an option.

Anyone have some thoughts about how resolv that errors?


1 Reply
Brandon Lee
Posts: 696
Admin
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
(@brandon-lee)
Member
Joined: 16 years ago

@mauriciovergara welcome to the forums! There are a few ways I would say you can do this. However, I have more questions for you. So, you have exact clones of the websites running in production? Are you wanting to use the same name as you have in production for SSL cert purposes?

An easy way I can think of is simply stand up a reverse proxy like Nginx Proxy Manager or Traefik in front of your lab. This would allow you to generate certs for the names you want to have proper SSL certs on in your lab. The Nginx proxy manager could have a network connection in an "Internet connected" network and then one in the lab environment to terminate the SSL certs for the machines you have running there. Then you would just point your DNS for lab to the Nginx Proxy Manager. 

Also, as another option, you can install certbot on an Internet connected machine and use the DNS challenge to create a valid cert. Something like this:

certbot certonly --manual --preferred-challenges dns -d yourdomain.com

This will result in generating Once validation is complete, Certbot will generate the certificate files: cert.pem, privkey.pem, etc. You would then just copy these over to your non Internet connected servers for proper SSL certs. Let me know if either of these methods might work for you or if there are other requirements there.

Brandon


Reply