xx

ACME Challenge Connector

Introduction

If the network configuration of your anynode changes, such as altering IP addresses or ports, you must adjust the ACME connector accordingly to ensure proper communication with the certificate provider.

To access this menu, please follow these steps:

  • Go to the Extras section.

  • Select Web Server and Connectors.

Screenshot: anynode frontend with the expanded extras menu and access to the web server connectors configuration. Screenshot: anynode frontend with the expanded extras menu and access to the web server connectors configuration.
anynode frontend with the expanded extras menu and access to the web server connectors configuration.

In our example, we will edit the existing ACME challenge connector.

Choose the desired connector and click on Edit.

Screenshot: anynode frontend with web server connectors overview. Screenshot: anynode frontend with web server connectors overview.
anynode frontend with web server connectors overview.

HTTP Type

The web server connector assistant will open. An unencrypted HTTP connection is required for the HTTP-01 challenge. For more information, refer to the Certificate Challenge chapter.

Select Use a simple unencrypted HTTP connection.

Click Next to proceed.

Screenshot: anynode frontend with web server connector assistant and HTTP type selection. Screenshot: anynode frontend with web server connector assistant and HTTP type selection.
anynode frontend with web server connector assistant and HTTP type selection.

Services

To reduce the attack vector, the services offered via a connector can be restricted. At the very least, the ACME service needs to be activated here. We recommend using the default value to open the connector only when necessary to fulfill the services.

Click Next to proceed.

Screenshot: anynode frontend with web server connector assistant and service restrictions. Screenshot: anynode frontend with web server connector assistant and service restrictions.
anynode frontend with web server connector assistant and service restrictions.

Network & Port

Define an IP address filter here. The web server will bind to one appropriate IP address that matches the filter. You can choose the IP address to be used here. It is recommended to select both an Interface and an IP Address.

Port 80 cannot be used by any other program on the anynode machine with the selected Interface IP Address. The port will only be opened when a challenge is initiated for certificate renewal or a new certificate issuance.

Click Next to proceed

Screenshot: anynode frontend with web server connector assistant and network and port settings. Screenshot: anynode frontend with web server connector assistant and network and port settings.
anynode frontend with web server connector assistant and network and port settings.

Name

Specify the name of the web server connector. It can be used to differentiate between different connectors. The assistant will suggest a name, and we will accept it.

Click Finish to close the assistant.

Screenshot: anynode frontend with web server connector assistant and specification of the name of the connector. Screenshot: anynode frontend with web server connector assistant and specification of the name of the connector.
anynode frontend with web server connector assistant and specification of the name of the connector.

Everything configured through the upper anynode menu (web server connectors, backends, certificates) is always applied immediately when you close the window or complete the assistant. A Commit is not required at this point.

You have now familiarized yourself with the ACME web server connector assistant and its various configuration steps, and you are able to make changes here.

If you want to enable external access to the anynode frontend using an HTTPS connector, the following chapter, Create HTTPS Connector with ACME, is the most suitable choice for you.