On 08/23/2018 07:33 AM, erdosain9 wrote: > I have Squid configured as a proxy reverse. > The DNS are configured too. The clients can access from outside without > problem. > It is working well. > But I want to serve web pages with https and I would like to use Let's > Encrypt (or something similar) so clients do not have to accept an invalid > certificate. > > I wanted to know if this is possible. It is. You can use any well-known CA, including Let's Encrypt, to obtain a well-trusted certificate for your reverse proxy. > The servers have to have configured let's encrypt? The machine running Squid needs to be configured to use Let's Encrypt. It usually boils down to installing Let's Encrypt automation scripts/agents for generating/renewing certificates. The origin servers behind your reverse proxy do not have to use encryption and, if they use it, do not have to be configured to use Let's Encrypt. It is your choice whether to encrypt Squid-origin communication at all and, if yes, whether to use Let's Encrypt for that encryption. > Squid has to have configured let's encrypt? Squid https_port can be configured with the Let's Encrypt-provided certificate and private key, but Squid itself does not know where that certificate and key came from. This is similar to, say, Apache httpd configuration -- Apache does not know anything about Let's Encrypt, but Let's Encrypt-generated certificates can be integrated with Apache httpd configuration. When you figure all the details out, consider publishing them on Squid wiki for others to reuse. HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
