Best way to renew wildcard certificate deployed on multiple servers

I have multiple web servers which run a website with a subdomain. I would like to know what is the best approach to deploy certificates on these subdomains?

  1. I tried to create separate certificates for each subdomain but I ran into the limit per week (which is 20)
  2. I could use a wildcard certificate of the domain name for all the subdomains? The question I have here is with regard to renewal: would it be safe to create cron jobs which will renew the wildcard certificate from each of the multiple servers, or renew once and deploy on the servers whenever the certificate is updated?

Thank you for your thoughts on this.

That's certainly the most efficient play that minimizes your risk of hitting rate limits. You can achieve it by running Certbot only on one server and using some scripting in conjunction with Certbot's --deploy-hook.

Edit: I documented one way to do it here: Automated deployment of key/cert from reverse proxy to internal systems - #4 by _az
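As an added example (not from this thread or from Certbot itself), this is the shape a --deploy-hook script can take for the renew-once-and-push approach: Certbot runs it only after a successful renewal and exports RENEWED_LINEAGE, and the script copies the new key pair to each web server and reloads the service, continuing past any host that fails. The host names, remote directory, reload command, and the assumption that the SSH user may write there and reload the web server are all placeholders to adjust.

```shell
#!/bin/sh
# Certbot --deploy-hook: invoked only after a successful renewal, with
# RENEWED_LINEAGE set by Certbot (e.g. /etc/letsencrypt/live/example.com).
# Usage: certbot renew --deploy-hook /usr/local/bin/push-wildcard-cert.sh
set -eu

TARGETS="${DEPLOY_TARGETS:-web1.example.internal web2.example.internal}"  # hypothetical hosts
REMOTE_DIR="${DEPLOY_REMOTE_DIR:-/etc/ssl/wildcard}"                      # assumed remote path
RELOAD_CMD="${DEPLOY_RELOAD_CMD:-systemctl reload nginx}"                 # assumed reload command
SSH="${DEPLOY_SSH:-ssh}"   # overridable so the push logic can be exercised without a network
SCP="${DEPLOY_SCP:-scp}"

# Refuse to deploy unless the lineage holds a readable PEM private key and full chain,
# so a half-written or missing pair is never pushed to the fleet.
lineage_ok() {
  dir="$1"
  for f in privkey.pem fullchain.pem; do
    [ -r "$dir/$f" ] || return 1
    head -n 1 "$dir/$f" | grep -q '^-----BEGIN ' || return 1
  done
}

# Copy the pair to one host with restrictive permissions, then reload the web server.
push_to_host() {
  host="$1"; dir="$2"
  $SSH "$host" "mkdir -p '$REMOTE_DIR' && chmod 700 '$REMOTE_DIR'" &&
  $SCP "$dir/privkey.pem" "$dir/fullchain.pem" "$host:$REMOTE_DIR/" &&
  $SSH "$host" "chmod 600 '$REMOTE_DIR/privkey.pem' '$REMOTE_DIR/fullchain.pem' && $RELOAD_CMD"
}

# Deploy to every host; keep going after a failure and return how many hosts failed,
# so one unreachable server does not block the others from getting the new certificate.
deploy_all() {
  dir="$1"; failed=0
  lineage_ok "$dir" || { echo "deploy-hook: $dir is not a complete lineage" >&2; return 1; }
  for host in $TARGETS; do
    if push_to_host "$host" "$dir"; then
      echo "deploy-hook: updated $host"
    else
      echo "deploy-hook: FAILED on $host" >&2
      failed=$((failed + 1))
    fi
  done
  return "$failed"
}

# Certbot sets RENEWED_LINEAGE; run by hand without it, the script does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  deploy_all "$RENEWED_LINEAGE"
fi
```

A non-zero exit from the hook is reported by Certbot in its renewal output, which is where to look when one of the servers was not updated.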

If you can mount a shared folder on your servers, Caddy can automatically obtain and coordinate the renewal of certificates in a cluster – even wildcards. All you have to do is mount a shared folder and you should be good to go.
