I wrote my own client for situations like this – it stores the certs in SQL and a different tool provisions onto the right servers.
The official client’s data storage model is pretty simple. You can use something like NFS to mount the ‘live’ directory of Server1 onto Server2 as read-only. (You could also mount it as read/write and auth from either, or mount it in a random location and symlink.)
The issue you’ll run into is with renewal; you’ll need to use a single well-known directory on NFS too (this way either server can respond to the authentication challenge).
- If the two servers host the same domains (load-balanced) you’d probably want to only run the renewal/issuance off one server
- If the two servers don’t host the same domains, they will both try to renew the others’ domains
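As an added illustration of the setup described in the post above (this is example code, not the poster's own client or anything shipped with the official client), here is a small POSIX shell script for the two-server case: the secondary mounts `live` read-only and the challenge webroot read-write, both servers serve `/.well-known/acme-challenge/` from that shared webroot, and a marker file on the share names the one host allowed to run renewal. The paths `/srv/acme-shared`, the hostname `server1` and the leader-file convention are assumptions for the example.

```shell
#!/bin/sh
# Added example: coordinate ACME http-01 renewal across two hosts that share an
# NFS-mounted certificate directory and challenge webroot. Paths, hostnames and
# the "leader file" convention are assumptions chosen for illustration.

SHARED_ROOT="${SHARED_ROOT:-/srv/acme-shared}"   # NFS export mounted on both servers
LEADER_FILE="$SHARED_ROOT/renewal-leader"         # holds the hostname allowed to renew

# fstab entries for the secondary server: certificate material read-only,
# the challenge webroot read-write so either host can drop tokens into it.
fstab_lines() {
  cat <<EOF
server1:/etc/letsencrypt/live  /etc/letsencrypt/live  nfs  ro,noexec,nosuid  0 0
server1:/srv/acme-shared       /srv/acme-shared       nfs  rw,noexec,nosuid  0 0
EOF
}

# nginx location block that answers challenge requests from the shared webroot,
# so whichever server receives the validation request can respond.
# $1 = path of the shared webroot
nginx_acme_location() {
  printf 'location ^~ /.well-known/acme-challenge/ {\n    root %s;\n    default_type text/plain;\n}\n' "$1"
}

# Exit 0 when this host is the designated renewer, 1 otherwise.
# $1 = leader file on the shared mount, $2 = this host's name
is_renewal_leader() {
  leader_file=$1
  me=$2
  [ -r "$leader_file" ] || return 1
  leader=$(head -n 1 "$leader_file" | tr -d '[:space:]')
  [ "$leader" = "$me" ]
}

# Run renewal only on the leader; the other host just exits quietly.
# The webroot plugin writes tokens into the shared directory, which both
# servers serve via the nginx location above.
run_renewal() {
  if is_renewal_leader "$LEADER_FILE" "$(hostname)"; then
    certbot renew --webroot -w "$SHARED_ROOT/webroot" --quiet
  else
    echo "$(hostname) is not the renewal leader; skipping" >&2
    return 0
  fi
}

# Usage (from cron on both servers; only the leader actually renews):
#   run_renewal
```

Keeping the `live` mount read-only on the secondary, with `noexec,nosuid`, means a compromise of Server2's web tier cannot rewrite the certificate material, and the leader file makes the "only renew from one server" rule explicit instead of depending on which host happens to run cron first.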