Good day. I am running a setup involving a couple of nodes load balanced by a single nginx server. That nginx is also responsible for HTTPS termination, which I want to be handled by certbot. I am destroying and recreating the whole setup a couple of times every day.
The problem I’m stumbling upon is that on every deployment my certbot is requesting a new certificate which causes me to hit my rate limit very quickly.
My thinking is that I should somehow deploy with an existing certificate, but how to get the certificate in the first place? Should I run certbot on my development machine or retrieve the certificate from a previous deployment? And what about data that certbot generates and requires for the renewal process?
Surely I’m not the first person in this situation, and some brighter minds must have found a clean solution to this problem. Please help!
Simple answer: that's the wrong setup. Create a setup without destroying certificates. Create one certificate, then save it and re-use it for 60 - 85 days.
If you save all of /etc/letsencrypt, Certbot should reuse everything successfully. You may also want to make your nginx configuration persistently default to the file locations within /etc/letsencrypt/live.
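The advice above (save the whole /etc/letsencrypt tree, restore it before certbot runs, and have nginx point at the live/ paths) as a deploy-time script. This is an added example, not code from the thread or from the Certbot project; the backup location, DOMAIN, EMAIL, the RUN_DEPLOY switch and the 30-day freshness threshold (certbot's own default renewal window) are assumptions to adapt. The tree is archived and unpacked with tar so that accounts/, renewal/, archive/ and the live/ symlinks all survive; certbot is only invoked when no saved certificate exists or the saved one is close to expiry, and then with --keep-until-expiring so a matching restored lineage is kept rather than re-issued against the rate limit.

```shell
#!/bin/sh
# Added example (not from the original thread): persist /etc/letsencrypt across
# teardown/recreate cycles so certbot reuses the account key, renewal config and
# certificate instead of requesting a new one on every deployment.
# LE_DIR, BACKUP, DOMAIN, EMAIL, MIN_DAYS and RUN_DEPLOY are assumed names; adjust them.
set -eu

LE_DIR="${LE_DIR:-/etc/letsencrypt}"
BACKUP="${BACKUP:-/var/backups/letsencrypt.tar.gz}"   # assumed; must live off the rebuilt host (volume, object store, ...)
CERTBOT="${CERTBOT:-certbot}"
DOMAIN="${DOMAIN:-example.com}"                        # placeholder
EMAIL="${EMAIL:-admin@example.com}"                    # placeholder
MIN_DAYS="${MIN_DAYS:-30}"                             # certbot's default renewal window

# Unpack a saved copy of the whole /etc/letsencrypt tree (accounts/, renewal/,
# archive/ and the relative symlinks under live/) into $2. Returns 1 when no
# archive exists, i.e. on the very first deployment.
restore_letsencrypt() {
  archive="$1"; dest="$2"
  [ -f "$archive" ] || return 1
  mkdir -p "$dest"
  tar -xzf "$archive" -C "$dest"
}

# Archive the whole tree so the next deployment can reuse it. Run as root so
# tar preserves the restrictive modes on the private keys under archive/.
save_letsencrypt() {
  src="$1"; archive="$2"
  mkdir -p "$(dirname "$archive")"
  tar -czf "$archive" -C "$src" .
}

# Succeeds only if $1 is readable and will still be valid in $2 days
# (openssl -checkend takes seconds and fails if the cert expires before then).
cert_is_fresh() {
  pem="$1"; min_days="${2:-30}"
  [ -r "$pem" ] || return 1
  openssl x509 -checkend "$((min_days * 86400))" -noout -in "$pem" >/dev/null 2>&1
}

# Deployment entry point: restore, reuse if fresh, otherwise let certbot renew
# the restored lineage (or issue once on the first deploy), then save again.
deploy_certs() {
  live_pem="$LE_DIR/live/$DOMAIN/fullchain.pem"
  if restore_letsencrypt "$BACKUP" "$LE_DIR" && cert_is_fresh "$live_pem" "$MIN_DAYS"; then
    echo "reusing saved certificate for $DOMAIN ($(openssl x509 -noout -enddate -in "$live_pem"))"
  else
    # --keep-until-expiring: if the restored lineage matches the request,
    # certbot keeps it instead of counting another issuance against the limit.
    "$CERTBOT" certonly --nginx -d "$DOMAIN" --non-interactive --agree-tos \
      -m "$EMAIL" --keep-until-expiring
  fi
  save_letsencrypt "$LE_DIR" "$BACKUP"
  # nginx's ssl_certificate / ssl_certificate_key should reference
  # $LE_DIR/live/$DOMAIN/fullchain.pem and privkey.pem, which exist on every
  # deployment because the tree is restored before nginx starts.
}

# Only run the deployment flow when explicitly asked, so the functions above
# can be sourced and exercised on their own.
if [ "${RUN_DEPLOY:-0}" = 1 ]; then
  deploy_certs
fi
```

Run it as root with RUN_DEPLOY=1 after nginx is up (the --nginx authenticator needs a server block for DOMAIN; --webroot works the same way if you prefer not to let certbot touch the nginx config). The one thing that must not be recreated on every deploy is the BACKUP archive itself: keep it on storage that outlives the hosts, and treat it as secret material since it contains the private keys and the ACME account key.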