Discussion:
acme proxy for internal use
Joel Linn
2018-12-01 21:15:50 UTC
Hi,

I want to use letsencrypt for services in my intranet.
The acme protocol demands that a challenge response is published under
http://certname.domain.tld/.well-known/acme-challenge/xyz
All subdomains under domain.tld get forwarded from the internet to a
haproxy on the intranet.

What I need haproxy to do is to simply proxy those requests to the
services that are resolved by local split dns where the challenge
response is hosted.
Having a rule to filter /.well-known/acme-challenge/ is easy of
course...
I'm having trouble finding out what the backend configuration needs to
be.
I figured this would be possible with lua but I hope there is a cleaner
solution.

Thanks for your help,
Joel
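Added example, not from the thread: one way to do exactly what Joel asks with HAProxy alone. It assumes HAProxy 2.0 or later (the `do-resolve` action postdates this 2018 thread); the resolver address 10.0.0.53, the `app` backend and the zone `domain.tld` from the question are placeholders.

```haproxy
# Assumed: split-horizon DNS at 10.0.0.53 (placeholder) that returns the
# intranet address for <certname>.domain.tld.
resolvers internal_dns
    nameserver ns1 10.0.0.53:53
    resolve_retries 3
    timeout resolve 1s
    timeout retry   1s

frontend http_in
    bind *:80
    acl acme_path path_beg /.well-known/acme-challenge/
    # Only resolve names inside our own zone; an unrestricted Host header
    # would otherwise let any client steer this listener at arbitrary hosts.
    acl acme_host req.hdr(host),lower,field(1,:) -m end .domain.tld
    # Resolve the Host header via split DNS into txn.acme_ip.
    http-request do-resolve(txn.acme_ip,internal_dns,ipv4) req.hdr(host),lower,field(1,:) if acme_path acme_host
    http-request deny if acme_path !acme_host
    # 503 when the lookup failed rather than forwarding to an unset address.
    http-request deny deny_status 503 if acme_path !{ var(txn.acme_ip) -m found }
    use_backend acme_challenge if acme_path
    default_backend app

backend acme_challenge
    # Forward the challenge to whatever the resolver answered, on port 80.
    http-request set-dst var(txn.acme_ip)
    http-request set-dst-port int(80)
    server dynamic 0.0.0.0:0

backend app
    server placeholder 127.0.0.1:8080
```

Keep the challenge-path ACL as the only route into this backend: everything else stays on the normal application backends, and the `-m end .domain.tld` check is what stops the listener from acting as a forward proxy.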
Gibson, Brian (IMS)
2018-12-01 21:30:36 UTC
I've used Lua or Apache web server depending on the environment. Haproxy doesn't do this natively.

shouldbe q931
2018-12-02 09:51:21 UTC
For people that have a desire to use letsencrypt for intranet
services, might I suggest using DNS-01 instead of HTTP-01.

Using DNS-01, the hostname does not have to be accessible from the
Internet (obviously the domain name does).

Rather than using certbot, I would suggest acme.sh for the smaller
footprint, and larger number of supported DNS providers
https://github.com/Neilpang/acme.sh

Cheers
