Configure LE for 1 Public IP; 5 separate servers

#1

Hi:
I’d like to create 1 LE VM server that will store the SSL certs for 5 independent VM servers sitting behind the LE instance (total 6 VMs). I only have 1 public IP to spare. I think I may need to issue all SSLs to the LE server, then mount the other servers.
Not sure how this is accomplished. Can someone help me and/or provide a link to any documentation?
Thank you.
~e

#2

Could you provide more information on how the servers will be set up? As in, will there be a single VM acting as a load balancer/reverse proxy?

As you only have one public IP, I’m assuming you’re just using a single VM as load balancer. Therefore, it would be most logical to use that load balancer as an SSL endpoint with a LE certificate. In your internal network, which I assume is safe from Man in the Middle attacks, you’re not really required to use SSL. If you do want secure transfer between the privately connected VMs, you can always use your own certificate authority for that purpose.

#3

Hi @eyebank

The number of IP addresses isn’t relevant; most networks have only one external IP address.

More important: Are these different domains or is it the same domain name? If these are different domain names, there is no additional LE instance required.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

#4

Hi,
Thanks for the reply. The 5 VMs sitting behind the LE VM will have different subdomain names (i.e. rocket.sun.org, fuel.sun.org, etc). I just can’t figure out how to set up the LE VM to handle issuance and renewal of all the SSL. I see numerous posts for situations like: “…3 domains on 1 server”, but that is not my situation.
Thanks

#5

Thanks for helping me with the terminology.
Since the domains will be different I’m thinking the LE endpoint will be a reverse proxy. I believe this will be the scenario.
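
The layout the thread converges on, one public VM terminating TLS and proxying by hostname to the internal VMs, sketched as an added example that is not part of any post above. It assumes nginx as the proxy, Certbot's default `/etc/letsencrypt/live/` layout with one certificate per name, a webroot at `/var/www/letsencrypt`, and placeholder backend addresses; only the two hostnames come from the thread.

```nginx
# Added example. Backend IPs and the webroot path are constructed placeholders.

# Port 80: serve ACME HTTP-01 challenges from the proxy itself so that
# issuance and renewal never depend on the backends; redirect the rest.
server {
    listen 80;
    server_name rocket.sun.org fuel.sun.org;

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;      # assumed webroot handed to the ACME client
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# One server block per subdomain; private keys live only on this VM.
server {
    listen 443 ssl;
    server_name rocket.sun.org;
    ssl_certificate     /etc/letsencrypt/live/rocket.sun.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/rocket.sun.org/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://10.0.0.11;    # placeholder internal VM, plain HTTP
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 443 ssl;
    server_name fuel.sun.org;
    ssl_certificate     /etc/letsencrypt/live/fuel.sun.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/fuel.sun.org/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://10.0.0.12;    # placeholder internal VM, plain HTTP
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The proxy-to-backend hop here is unencrypted, which matches the trusted-internal-network assumption in post #2; with an internal CA, `proxy_pass` would point at `https://` backends instead.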