Automate Certificate issuance across multiple servers with a load balancer

Hi All,

I am trying to achieve the following here. I have 2 servers on AWS Lightsail and the servers are attached to a Load Balancer. I have a domain on Cloudfare and have pointed the domain from Cloudfare to the Load Balancer. I want to obtain a wildcard certificate for the pointed domain so that all the servers can access the same certificate.

Not just that i want to automate the entire process so that if there is a new addition of server in near future, the newly added server can also use the issued certificate.

I am new to SSL and Networking. Any help on the above would be really appreciated.
Thanks!

1 Like

If you are using an AWS Load Balancer, then the easiest thing to do is to issue a wildcard certificate via AWS ACM, and attach it to your LB:

Compared to using Let’s Encrypt, ACM is a superior solution for this situation as it will provide automatic renewal every 12 months without requiring any external intervention.

If you want to do this with Let’s Encrypt for some reason, then I don’t know of any out-of-the-box solutions that do what you want. It requires a lot of scripting to connect your ACME client to the Cloudflare API (for validation) to the AWS LB API (for deployment).

1 Like

I already have ACM for other resources but want to test Letsencrypt as it provides free certificates. And i am really not sure if i am going to stick with AWS in the long run. So need to test out Letsencrypt.

1 Like

Well, under that premise (ACM certificates are free as well?), you need to take the AWS LB out of the equation.

So the entire question has changed and has now become: how do I automate a Let’s Encrypt wildcard on an unspecified, non-AWS load balancer.

And the answer is: it entirely depends on what your new load balancer is (or whether you even use one - maybe you decide on round-robin DNS).

So I double-down on my advice: stick to the solution that makes sense right now.

1 Like