I use a reverse proxy for all webhosts in my network. I have my firewall forward all requests via IPv4 to my proxy box, and then based on the hostname rule, it forwards traffic internally. That box also handles the certs.
The problem is that the proxy is not handling SMTP or IMAP traffic.
For IPv4, I just forwarded those ports directly to the MiaB box. This works, because with IPv4, MiaB is just looking at my external IP (expecting NAT) and assumes I have the ports forwarded.
But, I am forced to do NAT with IPv6. The reason is, I want HTTP/HTTPS traffic destined for MiaB via IPv6 to go to the reverse proxy. But, I want SMTP/IMAP traffic destined for MiaB via IPv6 to go to the MiaB box. I don’t know of any way to have DNS give out different IPs for the same hostname based on the port wanted.
So, I send them to the actual IPv6 address of the reverse proxy. Then, at my firewall, I capture the requests going to SMTP/IMAP and translate the address to be the IPv6 address of MiaB.
So far, this is working well… except I can’t get a cert that is used for SMTP via LE in MiaB. It is expecting DNS to point directly to the IPv6 address of the MiaB server. It does not expect NAT like it does for IPv4.
I get this message on the TLS page in Admin section:
The domain name does not resolve to this machine: <IPv6_of_Proxy> (AAAA).
With this error, it will not enable the button for me to click to obtain a cert. If it did give me the button… it would work. Everything points to the right place. It just doesn’t know it.
Anything I can do?
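The check the post runs into is a pre-flight comparison between the addresses DNS publishes for the mail hostname and the addresses the box itself believes it has, with a NAT allowance for IPv4 only. The following is an added illustration of that kind of check, not code from the poster or from Mail-in-a-Box; all addresses are constructed sample values from the RFC 5737 and RFC 3849 documentation ranges, and the function names `resolution_mismatches` and `format_errors` are my own. It reproduces the AAAA mismatch described above and shows what the same check accepts.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not taken from
# the original post or from Mail-in-a-Box.
EXTERNAL_IPV4 = "203.0.113.10"                        # the firewall's public IPv4 (NAT)
MIAB_LOCAL_ADDRS = ["10.0.0.25", "2001:db8:1::25"]    # addresses on the mail box's interfaces
PROXY_IPV6 = "2001:db8:1::80"                         # the reverse proxy's global IPv6
DNS_ANSWERS = ["203.0.113.10", PROXY_IPV6]            # A and AAAA published for the mail host


def resolution_mismatches(dns_answers, local_addrs, external_ipv4=None):
    """Return the DNS answers that do not map to this machine, as (rtype, addr).

    Illustrates a pre-check a cert workflow can run before asking an ACME CA
    for a certificate: an A answer may match a local address or the NAT'd
    public address (external_ipv4); an AAAA answer must be a local address,
    because no NAT is assumed for IPv6.  Addresses are compared as parsed
    objects, so differently written forms of the same IPv6 address match.
    """
    local = {ipaddress.ip_address(a) for a in local_addrs}
    accepted_v4 = set(local)
    if external_ipv4:
        accepted_v4.add(ipaddress.ip_address(external_ipv4))
    mismatches = []
    for answer in dns_answers:
        ip = ipaddress.ip_address(answer)
        accepted = accepted_v4 if ip.version == 4 else local
        if ip not in accepted:
            mismatches.append(("A" if ip.version == 4 else "AAAA", str(ip)))
    return mismatches


def format_errors(mismatches):
    """Render mismatches in the style of the admin-page message quoted in the post."""
    return [f"The domain name does not resolve to this machine: {addr} ({rtype})."
            for rtype, addr in mismatches]


if __name__ == "__main__":
    # The setup described in the post: the AAAA record points at the proxy,
    # so the IPv6 answer is rejected even though the firewall rewrites it.
    for line in format_errors(resolution_mismatches(DNS_ANSWERS, MIAB_LOCAL_ADDRS, EXTERNAL_IPV4)):
        print(line)
    # What the check wants to see: an AAAA record carrying the mail box's own address.
    fixed = ["203.0.113.10", "2001:db8:1::25"]
    print("direct AAAA passes:", resolution_mismatches(fixed, MIAB_LOCAL_ADDRS, EXTERNAL_IPV4) == [])
```

Run as a script, it prints the AAAA error for the proxy address and then confirms that an AAAA record pointing at the box's own IPv6 address passes. The asymmetry is the whole story: the IPv4 path is accepted only because `external_ipv4` is added to the accepted set, and nothing equivalent is done for IPv6, so an address translation at the firewall is invisible to the check.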