I have a cPanel server with AutoSSL, let's call it hostA.domainname.com, and a backup CentOS web server that only does HTTP using LiteSpeed. It is called hostB.domainname.com and uses Certbot.
I have DNS configured for my website to use the IP address of host A if it's up, and fail over to the IP address of host B if it is down.
The only issue is how to renew the SSLs on host B. It seems to only work if it is in failover mode, and I think that will be a problem when it comes time to renew them if host A is up.
Would I be better off just copying the cert files from the cPanel server to the CentOS server than trying to auto-renew with new certs?
If you can copy the files securely (private key included) from A to B whenever A updates, then that is a very simple solution.
Otherwise, the best answer for you depends on factors unknown to anyone else… Like:
How much (secure) access A has to B (and vice versa).
How much coding you are willing and able to do.
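As an added illustration of the "copy the files securely" option above (this is not code from the thread or from cPanel/Certbot), here is a pull script that would run on hostB over the dedicated rsync SSH key. Every path, the key file name, the staging directory and the reload command are assumptions to adjust; the point is the shape: pull into a private staging dir, refuse to install a key that does not match the cert or a cert that is already expired, replace the live files atomically, and reload only when something actually changed.

```shell
#!/bin/sh
# Added example for the thread above, not the original poster's setup. Pulls the
# current certificate and private key from hostA to hostB and installs them.
# Assumed: SRC_DIR on hostA holds fullchain.pem and privkey.pem (point it at
# wherever cPanel writes the live cert), SSH_KEY is the rsync-only key, and
# RELOAD_CMD reloads LiteSpeed.
set -eu
umask 077   # nothing this script creates is world-readable by default

SRC_HOST="${SRC_HOST:-hostA.domainname.com}"
SRC_DIR="${SRC_DIR:-/root/ssl-export/www.domainname.com}"   # assumed path on hostA
SSH_KEY="${SSH_KEY:-/root/.ssh/id_rsync}"                    # assumed: dedicated rsync key
DEST_DIR="${DEST_DIR:-/etc/ssl/www.domainname.com}"          # assumed live dir on hostB
RELOAD_CMD="${RELOAD_CMD:-systemctl reload lsws}"            # assumed service name
STAGE="${STAGE:-/root/.ssl-stage}"

# Copy both files into a private staging directory. StrictHostKeyChecking=yes
# means a hijacked hostA address cannot hand us a stranger's cert and key.
fetch_from_a() {
    mkdir -p "$STAGE" && chmod 700 "$STAGE"
    rsync -ap -e "ssh -i $SSH_KEY -o StrictHostKeyChecking=yes -o BatchMode=yes" \
        "$SRC_HOST:$SRC_DIR/fullchain.pem" "$SRC_HOST:$SRC_DIR/privkey.pem" "$STAGE/"
}

# Return 0 only if the key belongs to the cert (public keys compare equal,
# which works for RSA and EC alike) and the cert has not already expired.
verify_pair() {
    cert=$1; key=$2
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match cert" >&2; return 1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || { echo "cert already expired" >&2; return 1; }
}

# Replace the live files from a staging copy. Prints "changed" or "unchanged"
# so the caller knows whether a reload is needed. Writes temp files in the
# same directory and renames them, so the server never reads a half-written key.
install_if_changed() {
    src=$1; dest=$2
    mkdir -p "$dest"
    if [ -f "$dest/fullchain.pem" ] && [ -f "$dest/privkey.pem" ] \
        && cmp -s "$src/fullchain.pem" "$dest/fullchain.pem" \
        && cmp -s "$src/privkey.pem" "$dest/privkey.pem"; then
        echo unchanged; return 0
    fi
    cp "$src/fullchain.pem" "$dest/fullchain.pem.tmp"
    cp "$src/privkey.pem" "$dest/privkey.pem.tmp"
    chmod 644 "$dest/fullchain.pem.tmp"   # chain is public anyway
    chmod 600 "$dest/privkey.pem.tmp"     # key stays root-only
    mv "$dest/fullchain.pem.tmp" "$dest/fullchain.pem"
    mv "$dest/privkey.pem.tmp" "$dest/privkey.pem"
    echo changed
}

main() {
    fetch_from_a
    verify_pair "$STAGE/fullchain.pem" "$STAGE/privkey.pem"
    if [ "$(install_if_changed "$STAGE" "$DEST_DIR")" = changed ]; then
        $RELOAD_CMD
    fi
}

# Only run the sync when invoked as "sync-cert.sh run" (e.g. daily from cron on hostB).
case "${1:-}" in run) main ;; esac
```

Run it from cron on hostB once a day; since it only reloads when the files differ, it is harmless to run more often. On the hostA side, the rsync-only key in the thread should be restricted in authorized_keys to that one job (a `command=` forced command such as rrsync pointed at the export directory, plus `no-pty,no-port-forwarding`), so that if hostB is compromised the key cannot be used for anything beyond reading those two files.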
Is it possible to tell Certbot to check via IP instead of domain name?
The two servers connect via SSH with a private key I made for the rsync process, which is different from the private key I use to log in.
Certbot will only follow FQDNs (not directly to IP addresses).
You can, however, create unique FQDNs for each server and update all HTTP vhost configs to forward to whichever is currently in charge of cert renewals.
That opens up a lot of possibilities.
Another thought that might work…
If you use the exact same LE account on both systems, you could just sync them that way.
Whichever renews first would go through the renewal process and the other would just get the updated cert when requesting renewal (without having to actually renew).