I want to enable SSL in Shield, and for that I need to issue a signed certificate, as I already described in another question. The problem here is that for each new Elastic node I would need to issue a new signed certificate so the node could join the SSL-protected cluster… Right now I have already “spent” all of my weekly subdomain requests.
Is it possible to sign only one certificate for test.domainname.com and copy it to all the other nodes (different servers, same domain)?
Failed authorization procedure. test.domainname.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: NXDOMAIN looking up A for test.domainname.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Don’t put test.domainname.com in the CSR; all 100 subdomains need to be in there. You should get es1.test.domainname.com as the common name but with all the other ones in the alternative names.
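The CSR layout described in the reply above, as an added example that is not part of the original thread: one key and one CSR with es1 as the common name and every node listed as a DNS subject alternative name. It assumes the `openssl` CLI is installed; the function names and output file names are hypothetical, and the host names follow the thread's es<N>.test.domainname.com pattern.

```shell
#!/bin/sh
# Added example: one CSR covering es1..esN (not code from the thread).
set -eu

# san_list BASE COUNT -> "DNS:es1.BASE,DNS:es2.BASE,..."
san_list() {
  base=$1; count=$2; out=""; i=1
  while [ "$i" -le "$count" ]; do
    out="${out}${out:+,}DNS:es${i}.${base}"
    i=$((i + 1))
  done
  printf '%s\n' "$out"
}

# make_csr BASE COUNT OUTDIR -> writes OUTDIR/cluster.key and OUTDIR/cluster.csr
# (file names are arbitrary choices for this example)
make_csr() {
  base=$1; count=$2; dir=$3
  cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = ext
prompt = no
[dn]
CN = es1.${base}
[ext]
subjectAltName = $(san_list "$base" "$count")
EOF
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$dir/cluster.key" -out "$dir/cluster.csr" \
    -config "$dir/req.cnf" 2>/dev/null
  # The same private key ends up on every node, so keep it owner-readable only.
  chmod 600 "$dir/cluster.key"
}

# csr_covers CSR HOSTNAME -> exit 0 only if HOSTNAME is listed as a DNS SAN.
# Exact match: a name that is not in the list (a node added later) is not covered.
csr_covers() {
  openssl req -in "$1" -noout -text |
    tr ',' '\n' | sed 's/^[[:space:]]*//' | grep -qxF "DNS:$2"
}
```

Running `make_csr test.domainname.com 30 .` and then `csr_covers cluster.csr es31.test.domainname.com` returns non-zero, because a host added after issuance is not in the SAN list.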
But it is not going to work…
Say I signed 30 Elasticsearch domains: es1.test.domainname.com as the common name and all the others, es2-30, in the alternative names. OK, but tomorrow I will need to add one more server to the cluster, es31.test.domainname.com. I will need to make another certificate that includes the new server and replace the installed certificate on each Elastic server with this new one == nightmare.
Is there a way to sign a general domain certificate that I can copy to the subdomain servers?