Best way to renew wildcard certificate deployed on multiple servers


#1

I have multiple web servers which run a website with a subdomain. I would like to know what is the best approach to deploy certificates on these subdomains?

  1. I tried to create separate certificates for each subdomain but I ran into the limit per week (which is 20)
  2. I could use a wildcard certificate of the domain name for all the subdomains? The question I have here is with regard to renewal? Would it be safe to create cron jobs which will renew the wildcard certificate from each of the multiple servers? or Renew once and deploy on the servers whenever the certificate is updated?

Thank you for your thoughts on this.


#2

That’s certainly the most efficient play that minimizes your risk of hitting rate limits. You can achieve it by running Certbot only on one server and using some scripting in conjunction with Certbot’s --deploy-hook.

Edit: I documented one way to do it here: Automated deployment of key/cert from reverse proxy to internal systems


#3

If you can mount a shared folder on your servers, Caddy can automatically obtain and coordinate the renewal of certificates in a cluster – even wildcards. All you have to do is mount a shared folder and you should be good to go.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.