Let people specify a subdomain in the configuration files for verification purposes

carpool · November 5, 2019, 4:57pm

I think a really easy way to help people set up Let’s Encrypt on servers behind a load balancer would be to have a configuration setting where we can specify a subdomain for verification purposes that goes directly to the server and skips the load balancer.

For example, let’s say I am hosting example.com with two Ubuntu 18.04 servers behind a Cloudflare load balancer pointing to Server1 and Server2 randomly.

It would be very straightforward to set up server1.example.com to point to Server1 and server2.example.com to point to Server2 skipping the load balancer entirely.

Then, when I run certbot on Server1, if I could tell it to look for the verification file on server1.example.com I imagine the setup would be a lot easier!

JuergenAuer · November 5, 2019, 5:00pm

That’s not required. Use redirects.

danb35 · November 5, 2019, 5:52pm

Sure it would be easier. But it wouldn't demonstrate control over the root domain, only over server1, thereby defeating the purpose of the validation. As Juergen says, there are other ways to accomplish this without breaking domain validation--one would be to set up your load balancer to send all requests for /.well-known/acme-challenge/whatever to a designated place; another would be to use DNS validation.

system · December 5, 2019, 5:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to specify a subdomain to verify with (load balancing) Help	15	2553	December 5, 2019
Certificate for just a subdomain Help	11	32345	January 7, 2017
Need to configure public access to server before generating SSL? Help	9	2357	October 18, 2017
DNS challenge for multiple domains behind load balancer Help	10	2239	April 27, 2022
Using Let's Encrypt with AWS ELB Server	10	47867	June 30, 2017

Let people specify a subdomain in the configuration files for verification purposes

Related topics