I have two servers, both of which use the generic domain name certificate. When the certificate is about to expire, one server will perform the automatic update procedure to update the latest certificate. If the other server also performs the automatic update, can it also update the latest certificate?
If not, do you have any good suggestions?
Hi @leksas,
One option in this case is a "deploy script". For example, Certbot has --deploy-hook to let you specify a script to be run when a new certificate is obtained (and other Let's Encrypt clients have similar features). In that case, the script can perform an action to copy the new certificate and chain (and, if applicable, new private key) onto the other machine.
There are other options if that's not feasible, depending on which challenge method you use or want to use to get your certificate.
For example, if you use DNS-01, then any machine anywhere can get a new certificate if it has appropriate credentials and means to update DNS TXT records from software. For HTTP-01 challenges, the ways of dealing with load balancing, round-robin, and similar setups depend on your particular configuration—so if you're interested in that, can you tell us more about your specific setup?
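A deploy hook along the lines described in the reply above, as an added example that is not part of the original post or Certbot's own code. `RENEWED_LINEAGE` is set by Certbot for deploy hooks; `PEER_HOST`, `PEER_DIR`, `PEER_RELOAD` and key-based SSH access to the second server are assumptions.

```shell
#!/bin/sh
# Added example: Certbot deploy hook that copies a renewed certificate to a peer.
# RENEWED_LINEAGE is set by Certbot for deploy hooks. The values below are
# assumptions for illustration; override them in the environment.
PEER_DIR=${PEER_DIR:-/etc/ssl/le-peer}                 # hypothetical target dir
PEER_RELOAD=${PEER_RELOAD:-"systemctl reload nginx"}   # hypothetical reload command

# Copy fullchain.pem and privkey.pem from a lineage directory into a private
# staging directory and print its path. Runs in a subshell so umask stays local.
stage_lineage() (
    lineage=$1
    for f in fullchain.pem privkey.pem; do
        [ -s "$lineage/$f" ] || { echo "missing or empty: $lineage/$f" >&2; exit 1; }
    done
    umask 077
    stage=$(mktemp -d) || exit 1
    # -L copies the real files; Certbot's live/ directory holds symlinks.
    cp -L "$lineage/fullchain.pem" "$lineage/privkey.pem" "$stage/" || exit 1
    chmod 600 "$stage/fullchain.pem" "$stage/privkey.pem"
    printf '%s\n' "$stage"
)

# Upload under temporary names, then rename and reload on the peer, so the
# peer's server never reads a half-written file.
push_to_peer() {
    scp -q "$1/fullchain.pem" "$PEER_HOST:$PEER_DIR/fullchain.pem.new" &&
    scp -q "$1/privkey.pem" "$PEER_HOST:$PEER_DIR/privkey.pem.new" &&
    ssh "$PEER_HOST" "cd '$PEER_DIR' && chmod 600 privkey.pem.new &&
        mv privkey.pem.new privkey.pem && mv fullchain.pem.new fullchain.pem &&
        $PEER_RELOAD"
}

# Only act when Certbot invoked us and a peer is configured.
if [ -n "${RENEWED_LINEAGE:-}" ] && [ -n "${PEER_HOST:-}" ]; then
    stage=$(stage_lineage "$RENEWED_LINEAGE") || exit 1
    trap 'rm -rf "$stage"' EXIT
    push_to_peer "$stage"
fi
```

The SSH key used for the push is best restricted on the second server to writing that one directory and running the reload command, since the hook carries the private key.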
OK, thank you for your answer