[squid-users] Squid question with letsencrypt

Bidwell, Christopher cbidwell at usgs.gov
Fri Jun 24 16:48:00 UTC 2016


Hi all,

I'm very new to squid and we are wanting to implement letsencrypt for our
SSL certificates.

Here's the scenario:

We've got several frontend servers running squid that are caching from the
backend systems.

i.e. test.com -> 10.0.0.1, 10.0.1.1, 10.0.2.1 (all physically separated
from one another)

Each internal server also has its own DNS name:

web1.test.com -> 10.0.0.1
web2.test.com -> 10.0.1.1
web3.test.com -> 10.0.2.1

Note that these are all public. Using 10. as examples.

I'd like to create a SAN certificate naming the 3 internal systems in
addition to the public name:

test.com, web1.test.com, web2.test.com, and web3.test.com.

On the letsencrypt forum they said that I could do an HTTP 301 redirect from
the squid servers to the backend letsencrypt server where any match for:
/.well-known/acme-challenge/* would redirect with an HTTP 301 to that
backend letsencrypt server. I'm not sure how to do this and the squid
documentation is not easy to comprehend.

Let me know if this isn't clear how I've explained this.


Thanks!
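
An added example, not part of the original post and not taken from the Squid project: one way to write the redirect described above in squid.conf, using an ACL on the challenge path and a `deny_info` 301. The host name acme.test.com and the ACL name are assumptions, and the `301:` form of `deny_info` requires Squid 3.2 or later.

```conf
# Added example; acme.test.com is a hypothetical name for the backend
# letsencrypt server, acme_challenge is an arbitrary ACL name.

# Match only the ACME HTTP-01 challenge path, nothing else under /.well-known/.
acl acme_challenge urlpath_regex ^/\.well-known/acme-challenge/

# When a request is denied by acme_challenge, answer with a 301 instead of an
# error page. %R expands to the request URL path, so the token file name is
# carried over to the backend unchanged.
deny_info 301:http://acme.test.com%R acme_challenge

# Must appear before the http_access allow rules for the accelerated site,
# otherwise the request is forwarded to web1/web2/web3 and never redirected.
http_access deny acme_challenge
```

Requests outside /.well-known/acme-challenge/ do not match the ACL and keep following the existing http_access rules; `squid -k parse` checks the edited file for syntax errors before a reload.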