2 servers 1 certificate for same domain

mm-psymbl · March 11, 2021, 12:36pm

Hi everyone

I have a nodejs api deployed on a digitalocean droplet on ubuntu 20 and all runs fine.

Now i wanted to have a website for a project im doing and i wanted a different server so i created a wordpress droplet(ubuntu 20 but running apache) and im struggling getting it to work given the fact that my ssl certificate is in my original server. My question is how can i have my new wordpress droplet on the same domain using letsencrypt that i use on my main server with nginx?

This is my config on nginx

server {

    server_name psymbl.app www.psymbl.app;

    set $upstream 46.101.58.206:443;

    location ~ /\.well-known/acme-challenge/ {
            allow all;
            #default_type "text/plain";
            root /var/www/letsencrypt;
            try_files $uri =404;
    }


    location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.

try_files $uri $uri/ =404;

            proxy_pass_header Authorization;
            proxy_pass https://$upstream;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_set_header Connection “”;
            proxy_buffering off;
            client_max_body_size 0;
            proxy_read_timeout 36000s;
            proxy_redirect off;
    }

    location ~ ^/(node|socket\.io) {
            #your proxy directives
            proxy_pass http://localhost:3003;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
    }

    location /api {
            proxy_pass http://localhost:5500;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
    }

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/psymbl.app/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/psymbl.app/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

Appreciate any help

Standard info below:

My domain is: psymbl.app

I ran this command:

It produced this output:

My web server is (include version): apache and nginx

The operating system my web server runs on is (include version): ubuntu 20

My hosting provider, if applicable, is: digitalocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0

jvanasco · March 11, 2021, 2:54pm

The Certificate is tied to the Domain(s), not the server(s).

In your situation, the common approaches are:

Use a proxy in front of your servers, and terminate SSL there
Copy the Certificate+Key (or letsEncrypt Directory) from one machine to the other
Have the Certificate+Key stored on a shared directory, block storage or cloud storage

system · April 10, 2021, 2:55pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.