I have certbot with Route53 DNS authentication working just fine when running manually from the command line. I'm now looking to automate it a bit more.
We are creating SSLs for HAProxy VIPs that run in our lab environments.
We run a pool of multiple haproxy nodes across the 3 environments that are duplicated in 2 locations. So we would have:
env2site1-haproxy-1, env2site1-haproxy-1, env2site2-haproxy-1, env2site2-haproxy-2
Seeing how I don't think it would be best practice to have each HAProxy node run its own certbot, as that would create duplicate SSLs for the same VIP name (if that's even possible), I was thinking of creating a Jenkins job that would run the certbot command for each VIP, commit /etc/letsencrypt to a GitHub repo, and then have the HAProxy nodes pull down that folder and put it in place via Puppet.
This would allow me to delete/spin up/add new haproxy nodes and reuse the SSLs that have already been generated.
Question 1: Does Let's Encrypt work that way? Is it easy to move these folders/SSLs around like I'm hoping?
Question 2: Should I just have each HAProxy node run its own certbot and be done with it?
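On question 1, the part that usually breaks when /etc/letsencrypt is copied between hosts is the layout certbot relies on: live/ holds symlinks into archive/, and HAProxy wants chain and key concatenated into one PEM with tight permissions. The following is an added example, not code from the post or from certbot/HAProxy, that checks a copied tree for that layout and builds the HAProxy bundle; the VIP names, directory paths and the Route53 wrapper function are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes certbot's default layout:
#   <le-dir>/live/<name>/{cert,chain,fullchain,privkey}.pem -> ../../archive/<name>/*N.pem
# and HAProxy's expectation of one PEM file: certificate chain followed by private key.
set -eu

# Issue or renew one VIP certificate with Route53 DNS validation (calls certbot,
# so it is not exercised offline). Paths other than /etc/letsencrypt are assumptions.
issue_cert() {  # issue_cert <vip-fqdn> <le-dir>
    certbot certonly --non-interactive --agree-tos --dns-route53 \
        --config-dir "$2" --work-dir "$2/work" --logs-dir "$2/logs" -d "$1"
}

# After copying a letsencrypt tree to another host, make sure live/<name> still
# consists of symlinks that point into archive/<name> and resolve to real files.
# A copy made without preserving symlinks (or with a wrong relative path) fails here.
check_live_links() {  # check_live_links <le-dir> <name>; returns 0 = ok, 1 = broken
    dir="$1/live/$2"
    [ -d "$dir" ] || return 1
    for f in cert chain fullchain privkey; do
        link="$dir/$f.pem"
        [ -L "$link" ] || return 1                   # must be a symlink, not a plain copy
        case "$(readlink "$link")" in
            *"archive/$2/"*) ;;                      # points into this name's archive
            *) return 1 ;;
        esac
        [ -f "$link" ] || return 1                   # and the target actually exists
    done
    return 0
}

# Build the HAProxy bundle: fullchain then privkey, mode 0600, written atomically
# so a reloading HAProxy never reads a half-written file.
build_haproxy_pem() {  # build_haproxy_pem <le-dir> <name> <out.pem>
    check_live_links "$1" "$2" || return 1
    tmp="$3.tmp.$$"
    ( umask 077 && cat "$1/live/$2/fullchain.pem" "$1/live/$2/privkey.pem" > "$tmp" )
    mv "$tmp" "$3"
}

# Typical Jenkins-job use (VIP names are placeholders):
#   for vip in vip1.lab.example vip2.lab.example; do
#       issue_cert "$vip" /etc/letsencrypt
#       build_haproxy_pem /etc/letsencrypt "$vip" "/etc/haproxy/certs/$vip.pem"
#   done
```

Whatever transports the tree (git, tar, rsync), it has to preserve the symlinks, and renewal/<name>.conf records absolute paths, so a tree moved to a different config directory will not renew until those are updated.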