How to resolve two apache server issue. Questions on certificate and renewal process.
I’m assuming you’re using a simple TCP load balancer that doesn’t speak HTTPS? Most load balancers people use these days do HTTP and SSL for you too, and in that case you need to get the certificate for the load balancer and not for the Apache origin servers (unless you are trying to do HTTPS between the load balancer and Apache too).
These load balancers typically also support forwarding to origins via path, so you can configure it to only send requests for /.well-known/acme-challenge/ to apache1, apache2, or even certbot in standalone mode running on your load balancer itself.
If you are using a simple load balancer and do need to terminate SSL at the Apache level, you will have to forward requests from the second Apache server to the first somehow, via mod_proxy or an NFS share or so. Let’s Encrypt has no idea about your backend configuration, they only see the IP address for your load balancer, so it’s up to you to make it return the right thing.
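The mod_proxy option from the reply above, sketched as an added example that is not part of the original post. The hostnames www.example.com and apache1.internal.example and the webroot /var/www/letsencrypt are assumptions; it also assumes certbot runs on apache1 in webroot mode against that directory.

```apache
# apache2: the server that does NOT run certbot (constructed example).
# Requires mod_proxy and mod_proxy_http to be enabled.
<VirtualHost *:80>
    ServerName www.example.com

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Keep the original Host header so apache1 selects the matching vhost.
    ProxyPreserveHost On

    # Forward only the ACME HTTP-01 challenge path to apache1.
    # Everything else is still served locally by apache2.
    ProxyPass        "/.well-known/acme-challenge/" "http://apache1.internal.example/.well-known/acme-challenge/"
    ProxyPassReverse "/.well-known/acme-challenge/" "http://apache1.internal.example/.well-known/acme-challenge/"
</VirtualHost>

# apache1: the server where certbot writes challenge files (constructed example).
<VirtualHost *:80>
    ServerName www.example.com

    # Serve challenge tokens from a dedicated directory, separate from the site root.
    Alias "/.well-known/acme-challenge/" "/var/www/letsencrypt/.well-known/acme-challenge/"
    <Directory "/var/www/letsencrypt/.well-known/acme-challenge/">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
```

With this in place, a validation request that the load balancer happens to send to apache2 is answered with the token certbot wrote on apache1. Restricting the proxy rule to the challenge path keeps apache2 from relaying any other traffic to its peer.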