LE Certificate for servers with load balance

I'm trying to get a certificate for the es-revista.expipax.info subdomain, but the site is hosted in a Rackspace load-balanced
environment. I have tried to generate a certificate using the node 1 server and it gives an error:

Failed authorization procedure. es-revista.expipax.info (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection refused

The load balancer setup and the server configuration of each node are as follows.

Load balancer IP : 5.79.37.66
Node 1 : 5.79.22.55
Node 1 : 5.79.22.155
Node 1 : 5.79.22.201

The subdomain's DNS points to the LB server (5.79.37.66): http://es-revista.expipax.info/vc/revista/

Node server configurations are as follows.
System : CentOS 6.3 with Apache server

I have followed the instructions given in https://certbot.eff.org/#centos6-apache

With a load balancer in play it’s a game of hit or miss.
In this case you have a one in three chance of success per name in your request.
So if you had four names in your request your odds are one in three (four times) = 1 in 81.
So, you could try it over and over until you succeed.
Or, if you can, try using DNS authentication, which has a success rate a lot closer to 100%.

Thank you for the feedback,

Using the webroot certonly method I have managed to get the certificate on the first server. Is it required to get separate certificates for all three servers in order to succeed, or can I use the same certificate on all three servers and configure the vhost?

No, you could copy the certificate, chain, and private key onto each server. That will be fine.

One thing to keep in mind in this case is that Let's Encrypt certificates expire in 90 days. Certbot has a feature called certbot renew to automatically renew them (it might be run automatically from cron on your system already, depending on how Certbot was installed). If you do copy the certificates onto other servers, certbot renew can no longer update the certificates on the other servers automatically (not even if you also run certbot renew on those servers).

So, in this case you should also think about what you'll do when the certificates are renewed. Basically, you have to repeat the copying process that you did the first time. If you're familiar with shell scripting, you may be able to write scripts to help automate the remote certificate deployment. There is an option to Certbot to run a particular script after a certificate is obtained.
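
As an added example of the scripted deployment suggested above (this is not code from the thread or from Certbot itself), here is a deploy hook that pushes the renewed certificate from the node running Certbot to the other nodes behind the load balancer and gracefully reloads Apache on each. Certbot really does export RENEWED_LINEAGE to a --deploy-hook script; everything else is an assumption for this example: key-based SSH from node 1 to the other nodes as a user allowed to write REMOTE_DIR and reload httpd, a remote directory of /etc/pki/tls/le, and the node addresses from the first post used as placeholders. SSH, SCP and VERIFY are variables so the script can be dry-run with stand-in commands.

```shell
#!/bin/sh
# Added example (not from the thread or from Certbot): a certbot deploy hook
# that copies a renewed lineage to the other load-balanced nodes and reloads
# Apache there. Install as e.g. /usr/local/sbin/push-cert.sh and run
#   certbot renew --deploy-hook /usr/local/sbin/push-cert.sh
# Certbot sets RENEWED_LINEAGE (the /etc/letsencrypt/live/<name> directory).
# Assumed: key-based SSH from node 1 to the nodes below, REMOTE_DIR writable
# by that user, CentOS 6 style "service httpd reload" (graceful restart).
set -u

NODES="${NODES:-5.79.22.155 5.79.22.201}"   # node 1 runs certbot itself
REMOTE_DIR="${REMOTE_DIR:-/etc/pki/tls/le}"  # assumed remote location
SSH="${SSH:-ssh}"                            # overridable for a dry run
SCP="${SCP:-scp}"
VERIFY="${VERIFY:-cert_key_match}"           # pre-push sanity check

# Refuse to distribute a lineage whose private key does not belong to the
# certificate: the public key inside the certificate must equal the public
# key derived from privkey.pem.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1/fullchain.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/privkey.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Push lineage directory $1 to every node in NODES.
# Prints the number of nodes updated; returns non-zero on the first failure.
push_cert() {
    lineage="$1"
    name=$(basename "$lineage")
    for f in fullchain.pem privkey.pem; do
        if [ ! -f "$lineage/$f" ]; then
            echo "push_cert: $lineage/$f is missing" >&2
            return 1
        fi
    done
    if ! "$VERIFY" "$lineage"; then
        echo "push_cert: $lineage: key does not match certificate" >&2
        return 1
    fi
    updated=0
    for node in $NODES; do
        new="$REMOTE_DIR/$name.new"
        live="$REMOTE_DIR/$name"
        # Stage into a private directory, then swap it into place and reload,
        # so Apache is never reloaded against a half-copied file. The private
        # key is made readable by its owner only before it goes live.
        "$SSH" "$node" "mkdir -p '$new' && chmod 700 '$new'" &&
        "$SCP" -q "$lineage/fullchain.pem" "$lineage/privkey.pem" "$node:$new/" &&
        "$SSH" "$node" "chmod 600 '$new/privkey.pem' && rm -rf '$live' && mv '$new' '$live' && service httpd reload" ||
        { echo "push_cert: failed on $node" >&2; return 1; }
        updated=$((updated + 1))
    done
    echo "$updated"
}

# Certbot sets RENEWED_LINEAGE when it runs the hook; when the file is sourced
# for testing the variable is unset and nothing is pushed.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    push_cert "$RENEWED_LINEAGE" >/dev/null || exit 1
fi
```

The hook exits non-zero when any node fails, which makes certbot renew report the failure so it is not silently left with one node serving an expired certificate. Each node's vhost then points SSLCertificateFile and SSLCertificateKeyFile at the files under REMOTE_DIR rather than at /etc/letsencrypt/live, which only exists on the node that runs Certbot.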

Thank you for the suggestions.
