I'm using a VPS on Linode running 12.1. On the server I've got postfix+dovecot for virtual domains and to serve one or many of those virtual domains.
All HTTP traffic is redirected to a jail just to act as a reverse proxy. From that jail, depending on the destination domain, the request is sent to the appropriate server (I'm using gunicorn for a small Django app). I received a reminder from Let's Encrypt that my certificates will be expiring soon. I moved each domain from the main VPS to jails in order to make it more secure; however, I didn't think about the process for renewing certificates.
If I run certbot from the main server (FreeBSD VPS instance) I won't be receiving any incoming HTTP connections, since all the traffic is redirected to the reverse proxy jail. If I run certbot from the reverse proxy jail, how would I move/store the certificates on the main instance so that SMTP+dovecot won't fail?
I could stop redirecting HTTP traffic to the reverse proxy, then run certbot and then enable the pf rule again...? What's the best way to enable/disable rdr rules in pf? Should I create a table and then insert/remove entries so I don't need to reload all rules?