Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1420
Views
2
Helpful
7
Replies

Let's Encrypt, hostname for applications and host/device?

Skeer
Level 1
Level 1

‎03-15-2021 01:48 PM

So I’m researching the moving from NameCheap to LE on our DNG. So setting it up for the server is straight forward enough but for applications… does each applications host need to also have Port 80 open?
Also, why is DNS verification not an option?

Thanks!

7 Replies 7

jamieis
Cisco Employee
Cisco Employee

‎03-16-2021 11:09 AM

Hi @Skeer,

I want to make sure I’m understanding your question correctly.

  • Are you trying to generate Let’s Encrypt certs inside of the DNG for the applications you’ve added?
    • If so check out Configure an Application in Duo Network Gateway, you’ll only need port 80 open for the DNG but you’ll need DNS entries of all the domains you’re trying to generate certificates for pointing to the DNGs address as well.

We currently only offer the file verification method and not the DNS method. I’d recommend contacting your account manager if you’d like to file a feature request for the DNS verification method.

Skeer
Level 1
Level 1
In response to jamieis

‎03-16-2021 11:25 AM

Hey Jamie, so this is pretty close. I did wonder about needing to open Port 80 to all the various applications urls/domains in addition to the DNG server/host itself. But sounds like all I should do is open http to the DNG host, then ensure there are public DNS CNAMEs for all the applications, is this correct?

Thanks!

Ben

0 Helpful

jamieis
Cisco Employee
Cisco Employee
In response to Skeer

‎03-16-2021 11:25 AM

That’s correct @Skeer !

0 Helpful

Skeer
Level 1
Level 1
In response to jamieis

‎03-16-2021 11:36 AM

Sweet! Thanks for the confirmation!

Have a great day!

0 Helpful

Skeer
Level 1
Level 1
In response to jamieis

‎03-18-2021 10:23 AM

Hey Jamie, a question if I may… So I changed the certificate to Let’s Encrypt for one of the applications on our DNG. In the DNG console it says it’s a Let’s Encrypt cert now. But when I browse to it… after I complete the Okta step and I’m at the applications URL I check and the certificate in use is for a different domain and not published by LE. What might cause this?

Thanks!

Ben

0 Helpful

jamieis
Cisco Employee
Cisco Employee
In response to Skeer

‎03-22-2021 05:16 AM

Hey @Skeer,

I’d double-check that you’re actually landing on the site being protected by the Duo Network Gateway and not being redirected to another URL. If you are accessing the site through the Duo Network Gateway you should either see your Let’s Encrypt certificate being provided to the browser for that site or any certificate you may have manually configured to be used.

Feel free to contact support so that they can get this sorted out after for you.

0 Helpful

Skeer
Level 1
Level 1

‎03-25-2021 12:21 PM

Thanks Jamie, I’m looking to update the DNG install this weekend then move onto actually investigating the LE cert stuff.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents