Hello again! I managed to do a bunch of stuff but I didn’t quite make it. I did the following:
1- First, since I had a domain (for the sake of the example, let’s say that I really own
jruiz94.xyz), I added an A record for wildcard DNS to point to the machine where I have OpenZiti (lets assume this machine’s IP is 126.96.36.199), like so:
*.test.jruiz94.xyz A record points to 188.8.131.52
2- Then I followed this tutorial to get my cert using the DNS challenge type and I got it, to be precise, i got 2 pem files and they got stored on the server at
184.108.40.206, in some
3- As I needed some kind of server as test field, I started an echo http server on my local machine (lets call my local machine ‘Desktop’). I changed the default ports so it listens http on port 57575 and https on 57577. Of course when connecting to
https://localhost:57577 it complained that the cert was from unknown issuer, as expected.
4- Then on my OpenZiti server, I created 2 identities, one for my Desktop and another for a client (let’s call the client ‘Laptop’). Following the same steps as the Minecraft tutorial, I created hosts/intercepts/services etc so that:
http://echo.test.jruiz94.xyz got redirected to the desktop’s localhost and port 57575
https://echo.test.jruiz94.xyz got redirected to the desktop’s localhost and port 57577
5- I enrolled the identities on the desktop and the laptop
6- And from the laptop I connected to the desktop and, to my very surprise, worked both on http and https, and the redirections from port 80 to 57575 and from port 443 to 57577 worked like a charm at the first try! However, the https complained again that the certificate was from unknown issuer.
From what I can understand, I think I’m missing the step where either
- OpenZiti picks up the LetsEncrypt cert
- The echo http server picks up the LetsEncrypt cert
I’m unsure on which one of the two answers is the correct one. Also perhaps the issue is that I chose an echo http server that isn’t that good for this example (since it’s dockerized and may have its own cert settings? Im not fully sure)
My knowledge on how to use certs is pretty limited, can you point me on the right track?
Thanks a ton for your help, this tool is truly amazing, I still can’t believe I made the http redirection work on the first try hahah