You show the cert need for three separate systems:
But then show two [NGINX] configs (that are both using port 80) and no Apache config.
That combined with:
So, I can only assume that you intend on using NGINX to obtain the certs automatically.
I do think that can be done.
In the simplest solution:
- You will need an Internet DNS to resolve all three names to an IP(s) that can reach that system.
- You will need to forward all port 80 connections to the "primary" web service.
  [you have Apache and NGINX - pick one to be main/proxy - I would choose NGINX]
- You should handle all the challenge requests within one single web server.
  [this will reduce any troubleshooting down the road]
  they may require custom excludes from redirection (preferred)
- You may need to manually update the secure vhost configs (within both web servers) to use the obtained certs (simplest via --certonly)
- Depending on the number of real Internet IPs available, you may need to proxy all requests (http & https) through one system (the main one).
- You may need to include a custom script to run when any cert is renewed to restart/reload any affected system (Apache/NGINX/email).
And if I missed anything:
You may need to return here to ask additional question(s).
[which we should be able to answer]
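
An added example for the renewal-script step in the list above (not part of the original post), assuming certbot is the ACME client: a script for certbot's `--deploy-hook` that reloads only the services whose names were renewed, and checks the web server config before reloading. The hostnames, the name-to-service mapping and the unit names (`nginx`, `apache2`, `postfix`) are assumptions; `RENEWED_DOMAINS` is the space-delimited list certbot passes to deploy hooks.

```shell
#!/bin/sh
# Added example: certbot deploy hook.
# Hostnames and unit names below are constructed placeholders (assumptions).

# Map one renewed hostname to the service that presents its certificate.
service_for_domain() {
    case "$1" in
        www.example.com)  echo nginx ;;     # assumed NGINX vhost
        app.example.com)  echo apache2 ;;   # assumed Apache vhost
        mail.example.com) echo postfix ;;   # assumed mail service
        *)                return 0 ;;       # unknown name: nothing to reload
    esac
}

# Print the de-duplicated list of services affected by a
# space-delimited domain list (the format of RENEWED_DOMAINS).
services_for_domains() {
    out=""
    for d in $1; do
        s=$(service_for_domain "$d")
        [ -n "$s" ] || continue
        case " $out " in
            *" $s "*) ;;                     # already listed
            *) out="${out:+$out }$s" ;;
        esac
    done
    echo "$out"
}

# Test the config first so a broken vhost edit does not take the
# service down at renewal time; reload only if the check passes.
reload_service() {
    case "$1" in
        nginx)   nginx -t && systemctl reload nginx ;;
        apache2) apachectl configtest && systemctl reload apache2 ;;
        *)       systemctl reload "$1" ;;
    esac
}

# certbot sets RENEWED_DOMAINS only when it invokes the hook after a
# successful renewal; when it is unset this script does nothing.
if [ -n "${RENEWED_DOMAINS:-}" ]; then
    for svc in $(services_for_domains "$RENEWED_DOMAINS"); do
        reload_service "$svc" || echo "reload failed: $svc" >&2
    done
fi
```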