ACME certs on Virtual IPs?

sgw

Didn't find something in the Search here... forgive asking an FAQ:

I have a pfSense with some Virtual IPs (Type "IP Alias") assigned to WAN.

So far all the Certs issued were for FQDNs pointing to the original/first IP of the WAN interface.

Now there should be services hosted on a Virtual IP. So far the http-challenge fails, even when I add another FW-rule with destination "$virtual_ip_1" and Port 80 to WAN.

Does the ACME http-server listen on all the virtual IPs as well?

hints appreciated! thanks

Gertjan

@sgw said in ACME certs on Virtual IPs?:

ACME

"ACME" uses Letsencrypt, or comparable services, and these do not accept IP addresses. Only host names - domains names.

If the FQDN points to an A or AAAA or nothing, or something else, doesn't matter.

sgw

The question is:

how to let the ACME-package run the http-challenge on the Virtual IPs?

But I worked around this already (customer wanted traefik for the additional services).