
Renewing LetsEncrypt SSL/TLS Certificate for Mail Server behind HaProxy

Best practice is to have a valid cert on the mail server(s), to accept only encrypted traffic (e.g. not listen on port 80) and to redirect unencrypted port 80 traffic to the SSL/TLS port 443.

However, if you use LetsEncrypt, you need to pass the inbound LetsEncrypt request through without a redirect. There are numerous ways to do this, but if you want to avoid creating a custom firewall rule for LetsEncrypt traffic and avoid non-standard TCP ports, read on...

Steps for this:
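The post's own steps are not reproduced here. As an added illustration of the core requirement described above, the HAProxy frontend below keeps the global HTTP-to-HTTPS redirect but exempts the ACME HTTP-01 challenge path so LetsEncrypt validation requests are not redirected. This is example configuration written for this page, not the author's setup; the backend name and the address of the challenge responder (127.0.0.1:8402) are assumptions and should be replaced with wherever your ACME client actually answers challenges.

```haproxy
frontend http_in
    bind *:80
    mode http

    # ACME HTTP-01 challenges always arrive on port 80 under this fixed path
    acl is_acme path_beg /.well-known/acme-challenge/

    # Hand challenge requests to the responder instead of redirecting them
    use_backend acme_challenge if is_acme

    # Everything else is sent to HTTPS on the standard port
    http-request redirect scheme https code 301 unless is_acme

backend acme_challenge
    mode http
    # Assumed: the ACME client (e.g. certbot in standalone mode) listens here
    server acme_responder 127.0.0.1:8402
```

The order matters: the `use_backend` line is evaluated before the redirect, so only the exempted path reaches the responder and no other plaintext request is served on port 80. After a renewal, HAProxy and the mail server still need to be pointed at the refreshed certificate files.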

E-commerce development of web-to-fax, email-to-fax delivery of orders

1995: Back before PCI compliance existed, shortly after SSL was first developed, vendors wanted to have the ability to have an e-commerce store but not take the risk of having credit card information sent via email or stored unencrypted.

Worked with one of the largest florists in the United States to develop a system that allowed web orders to be sent via fax. Set up a contract that charged a percentage of each order instead of a monthly fee. Within a year they were making more orders per month than they usually made all year.

Web-Based Medical Billing Application for Statewide Network of Health Care Providers

Web-based billing/accounting system and patient management software for associated network of doctors across Iowa.

Allowed doctors to move to a paperless medical record system. Managed allowed procedures for doctor/patient interactions and automatically created PDFs in the format required by insurance agencies and state regulators. The final implementation almost completely automated billing and reporting to state regulators and insurance agencies, saving the client hundreds of person-hours per month.

Integrating Multiple College Databases into Central Web Database

2001-2006: Lead Application Architect, DBA for system integrating multiple universities' and colleges’ admissions databases into a centralized "Sports Recruiting Management System." Led a team which built the web service used by NCAA schools across the country so that coaches and recruiters could adhere to strict NCAA recruiting and reporting requirements.

4-ISP Linux firewall

1999:

Called in to take over networking issues that prior consultants were unable to solve.

After purchasing two competitors, the client was required to maintain connections to the internet and was required by vendors to have direct WAN connections to 3 third-party vendor networks.

Client had a complex routing issue consisting of multiple Cisco routers, multiple digital lines, managed switches, fiber repeaters, a satellite connection, and the local network.

HIPAA Security Upgrades

Contracted by a private regional hospital to assist with security issues for a network of several hundred Windows 2000 client computers. The network ran with a central PDC running Red Hat Linux and Samba. The client was required to implement additional security as part of HIPAA (Health Insurance Portability and Accountability Act of 1996).

WAN Load Analysis for 10 Distributed Offices

Analysis of web server, network and firewall security for a client with 10 offices across the Midwest. Issues investigated included: connectivity across multiple T1 lines, migration from Novell to a Windows 2000 cluster, general IP security, database issues and IT security.

Implemented MRTG, a DMZ, new routing tables, a secondary firewall with an IDS (Snort), and dual Internet connections with bandwidth sharing. The client passed multiple third-party security audits with no issues relevant to the work done.

Office to Office IPSEC VPN

An optometrist had two offices sharing one accounting database. The client wanted a secure and easy way to network the offices such that all computers on each network could access the other network without installing specialized hardware or software. I met with the clients and proposed and implemented a low-cost, highly resilient system. Directed office IT on required internet purchases and led the installation of a trouble-free, web-managed system consisting of two Linux firewalls using IPsec VPN software.
