Let people specify a subdomain in the configuration files for verification purposes

I think a really easy way to help people set up Let’s Encrypt on servers behind a load balancer would be to have a configuration setting where we can specify a subdomain for verification purposes that goes directly to the server and skips the load balancer.

For example, let’s say I am hosting example.com with two Ubuntu 18.04 servers behind a Cloudflare load balancer pointing to Server1 and Server2 randomly.

It would be very straightforward to set up server1.example.com to point to Server1 and server2.example.com to point to Server2 skipping the load balancer entirely.

Then, when I run certbot on Server1, if I could tell it to look for the verification file on server1.example.com I imagine the setup would be a lot easier!

That’s not required. Use redirects.

Sure it would be easier. But it wouldn't demonstrate control over the root domain, only over server1, thereby defeating the purpose of the validation. As Juergen says, there are other ways to accomplish this without breaking domain validation--one would be to set up your load balancer to send all requests for /.well-known/acme-challenge/whatever to a designated place; another would be to use DNS validation.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.