Copy a certificate to other servers and renew (Load balanced)

Hi,

I’m in need of writing a script to copy a certificate from one node on a load-balanced cluster server to another. Which files do I need to copy, and how do I handle renewing on the other server?

Does something like this work?

scp keyfiles remote@server:/key-directory
ssh remote@server "apachectl graceful"

Thanks in advance

As long as the Apache on the other side is configured properly then yes. Note that if you’re using certbot that /etc/letsencrypt/live just contains symlinks to /etc/letsencrypt/archive, so you may need to copy both. (I forget if scp dereferences symlinks…I always use rsync for things like this…)

Or instead of scripting it yourself, use the getssl client, which can handle this for you:

2 Likes
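The copy step discussed in the answer above, sketched as an added example that is not part of the original posts and not code from certbot or getssl: it resolves the `live` symlinks into regular files with tight permissions before anything is sent, checks that the key belongs to the certificate, and only reloads Apache if its configuration parses. The function names, the staging directory and the remote directory are assumptions.

```shell
#!/bin/sh
# Added example. Function names and all directory arguments are hypothetical.

# stage_lineage LE_DIR DOMAIN OUT_DIR
# Copy the files behind LE_DIR/live/DOMAIN/*.pem into OUT_DIR as regular files.
stage_lineage() {
    le_dir=$1 domain=$2 out=$3
    live="$le_dir/live/$domain"
    (
        umask 077                       # staging dir and key are never world-readable
        mkdir -p "$out" || exit 1
        for f in privkey.pem fullchain.pem chain.pem cert.pem; do
            # -e follows the symlink, so a dangling live -> archive link fails here
            [ -e "$live/$f" ] || { echo "missing: $live/$f" >&2; exit 1; }
            cp -L "$live/$f" "$out/$f" || exit 1    # -L dereferences the symlink
        done
        chmod 600 "$out/privkey.pem" || exit 1
        chmod 644 "$out/fullchain.pem" "$out/chain.pem" "$out/cert.pem"
    )
}

# pair_matches DIR: succeeds when privkey.pem belongs to cert.pem (needs openssl).
pair_matches() {
    cert_pub=$(openssl x509 -in "$1/cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/privkey.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# push_lineage STAGE_DIR REMOTE REMOTE_DIR (needs rsync and ssh on this node).
push_lineage() {
    stage=$1 remote=$2 remote_dir=$3
    pair_matches "$stage" || { echo "key/cert mismatch, not copying" >&2; return 1; }
    rsync -a "$stage/" "$remote:$remote_dir/" || return 1
    # Reload only if the remote configuration still parses.
    ssh "$remote" 'apachectl configtest && apachectl graceful'
}

# Typical use from a renewal hook on the node that runs certbot:
#   stage_lineage /etc/letsencrypt example.com /root/cert-stage &&
#   push_lineage /root/cert-stage remote@server /key-directory
```

Because the staged copies are regular files, the remote Apache configuration points at them directly and the other node needs no certbot state of its own.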

That sounds great. I’ll check it out!

Thank you.
