I have a linux virtual server LVS tunneling (load balancer) this attend the client petitions and behind 6 apache servers (lvs clients) resolved this petitions, whats the correct way to configure let´s encrypt. Im using only one domain. Thanks.
For layer 4 load balancing, usually you will want to have some shared storage (e.g. NFS) for the ability to fulfill HTTP challenges and store private keys, certificates and renewal parameters.
Failing that, you can have the load balancer perform the certificate issuance and installation, provided that:
- The load balancer can use the DNS challenge, since LVS is layer 4 and isn’t able to catch the HTTP challenge requests, … or … it can remotely deploy (e.g. via SSH on the internal range) the HTTP challenge files to each backend
- The load balancer is able to remotely (e.g. via SSH) deploy the certificates to each backend and reload Apache
You can either use some kind of shared storage like NFS, or copy the certificates to each server.
I do it with a script that uses SSH to place the verification token on the web servers, and then uses rsync to transfer the certificate to each server.
If you have a configuration management system in place, such as Salt or Puppet, you could use that to keep your servers on the same page.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.