vMiVB 9.0 and Lets Encrypt certificate generation

[TCSI17]

Hi,
Has anyone been able to successfully get Let's Encrypt cert generation to work on a virtual MiVB specifically?
I can do the Let's Encrypt certs on MBG and MiCollab via the MSL interface fine, but the MiVB Server Manager it won't work.
I have tried to configure the Remote Proxy in MBG to forward the request to MiVB, but I have a feeling its not working as MBG is trying to authenticate the Let's Encrypt request and thus failing the connection verification.
Just curious more than anything, to see if anyone has been able to do this. It's strange that Mitel has that ability in MiVB Server Manager but yet it doesnt work properly. Or they don't have the necessary setup within MBG to properly deal with the MiVB Let's Encrypt certificate validation process...

Once again, thanks for the input.

 

[jpruder]

I have not tried this, but MBG proxy may not handle this.

 

[Valamagules]

I would try upload Let's Encrypt Cert to MBG Proxy, once that's successful, download the Cert from MBG Proxy and upload to other servers (MiVB/MiCollab/etc)
This will remove any SSL cert verification complications as the same SSL auth is used through out.




Clever men learns what Wise men shares!

 

[TCSI17]

@Valamagules thanks. I was trying to look for an automated way of keeping the MiVB cert up to date via the automatic Let's Encrypt renewal. since Let's Encrypt only issues 3 month certs, it would get hard to manage always exporting and importing the certs every 3 months.

I think i will open a ticket with Mitel Support and see what they say. Seems strange that MiCollab works ok but MiVB does not. It's probably the fact that MBG does not allow virtual directory access to MiVB other than /server-manager/ (or something like that). MiCollab allows more unrestricted access as it has a public portal. I will post back once I get an answer from them.

 

[jpruder]

I would try upload Let's Encrypt Cert to MBG Proxy, once that's successful, download the Cert from MBG Proxy and upload to other servers (MiVB/MiCollab/etc)
This will remove any SSL cert verification complications as the same SSL auth is used through out.

If you do this, just remeber that it will expire and not renew like a normal Let's Encrypt. But it should work as I have done this. On thing I maght ask, does the name of the MiVB resolve externally to the MBG?

 

[TCSI17]

Yep, the DNS name resolves externally to the MBG. I set the MBG up with Remote Proxy Services to the DNS name of the MiVB. Basically the exact same as i have done for MiCollab.
I'm wondering if it has to do with the 'supported applications' tab in Remote Proxy Services? It says MiVB requires minimum admin level access whereas MiCollab requires minimum user level access. Maybe there are permission differences on the webserver of MiVB? Just a theory. Not really sure exactly how ACME protocol works. I haven't dug into the inner workings yet.