Accounts and Wildcard Certs


I am looking into how we may utilise LetsEncrypt and I have successfully created certs for HAProxy on PFSense and Windows IIS via Certify the Web, and used wildcard certs with DNS validation through the Cloudflare API. I was very happy with the experience and applaud LetsEncrypt and the community for how well this has been implemented.

My question is that on each site I have one PFSense and the ACME client created an account with LetsEncrypt wildcard cert. I have maybe 3-4 IIS Servers which I will use Certify the Web to get wildcard certs, and it didn’t give me the option to use the same account, so a new account was created for each IIS Server. These were all from the same Public IP and worked fine.

I have 40 other sites that I would like to do the same from, all with separate Public IPs. Is this the best way to do it? Should I have separate accounts per server, all with the same email address?

Any advice would be great on how to structure this?


Hi @Paraffin

There is no general rule. If you have a working solution, use it and be happy :wink:

You can use

  • one ACME client per machine / ip address (or)
  • only one global ACME client with a certificate deployment

(1) You have to update a lot of clients.
(2) You only have to update one client. But the deployment of the certificates may be an additional problem; (1) doesn’t need that.

And 40 sites are not “too much”.

