Hi,

It does, but you need to provide your own local ACME server, which will verify your local DNS domains for the http-01 ACME challenge.
That's the reason why it works out of the box for external, because there is an external ACME server by default.


Michal Arbet
Openstack Engineer

Ultimum Technologies a.s.
Na Poříčí 1047/26, 11000 Praha 1
Czech Republic

+420 604 228 897 
michal.arbet@ultimum.io
https://ultimum.io



On Sun, 17 Mar 2024 at 17:34, wodel youchi <wodel.youchi@gmail.com> wrote:
Hi,

I deployed OpenStack using a self-signed certificate generated by Kolla.
I am using encryption both internally and externally.

Then I tried to use Let's Encrypt on the same platform, and it seemed to work, but only on the external URL of OpenStack (Horizon portal).

Then I undeployed my OpenStack and tried to redeploy it. This time Keystone couldn't be deployed; it complained about not being able to verify the self-signed certificate.

I had to disable the Let's Encrypt lines in globals.yml to be able to deploy OpenStack.

My questions are:
- Does using Let's Encrypt cover both internal and external traffic of OpenStack on all ports, or just 443?
- If it does, how should globals.yml be configured, especially the lines concerning the certificates?
- If it does not, and it covers only Horizon on 443, how could someone combine the use of self-signed certificates with Let's Encrypt? Is it even possible?

Regards.