Re: Expressways Let's Encrypt/ACME feature with Cluster

Thomas Leitner · ‎05-01-2019

Hey Community,

I'm currently in the design phase of a new expressway Cluster.

Expressway has since Version X12.5 the ability to get certificates signed by ACME (Lets encrypt).

Now back to my question - has anyone tried already to sign expressway e certificates of a cluster?

My design has currently the following variables:

Clustername: cluster.customer.org

Node 1: node1.customer.org

Node 2: node2.customer.org

therefore the public certificate has to have the following settings:

Node1: CN=node1.customer.org SAN= node1.customer.org,cluster.customer.org

Node2: CN=node2.customer.org SAN=node2.customer.org,cluster.customer.org

the A-Records are planned:
cluster.customer.org = <public ip of node1>, <public ip of node2>

node1.customer.org = <public ip of node1>

node2.customer.org = <public ip of node2>

is this possible with Lets Encrypt?

thanks in advance,

br Thomas

Thomas Leitner · ‎05-09-2019

hey community,

to keep the flow running, a quick answer.

It is working - the important thing is to get all the A Records (needed by the lets encrypt service) configured correctly.

the acme client on expressway is working fine :)

br Thomas

IngoJuergensmann · ‎01-08-2020

One question: do you use the Expressway with ACME for Jabber XMPP Federation as well?

Alexander Yug · ‎09-08-2019

Hi,

Have you solved this? How?