Hi, It does, but you need to provide your local ACME server which will verify your local dns domains for http-01 acme challenge. That's the reason why it works out-of-the box for external, because there is external acme by default. Michal Arbet Openstack Engineer Ultimum Technologies a.s. Na Poříčí 1047/26, 11000 Praha 1 Czech Republic +420 604 228 897 michal.arbet@ultimum.io *https://ultimum.io <https://ultimum.io/>* LinkedIn <https://www.linkedin.com/company/ultimum-technologies> | Twitter <https://twitter.com/ultimumtech> | Facebook <https://www.facebook.com/ultimumtechnologies/timeline> ne 17. 3. 2024 v 17:34 odesílatel wodel youchi <wodel.youchi@gmail.com> napsal:
Hi,
I deployed openstack using a self-signed certificate generated by kolla. I am using the encryption both internally and externally.
Then I tried to use let's encrypt on the same platform, and it seemed to work, but only on the external URL of openstack (horizon portal).
Then I undeployed my openstack, and I tried to redeploy it again, this time Keystone couldn't be deployed, it complained about not being able to verify the self-signed certificate.
I had to disable the let's encrypt lines on the globals.yml to be able to deploy openstack.
My question is : - Does using let's encrypt cover both internal and external traffic of openstack on all ports or just the 443? - If it does, how to configure globals.yml , especially the lines concerning the certificates? - If it does not, it covers only Horizon on 443, how could someone combine the use of self-signed to let's encrypt use? is it even possible?
Regards.