Letsencrypt - acme: error: 400 - Error getting validation data

I have a current staging cert for dev.oversightcloud.com and the cert has only one SAN: dev.oversightcloud.com

I am trying to renew this cert and add these two hostnames to the SAN: dev1.oversightcloud.com and dev2.oversightcloud.com

dev1.oversightcloud.com has address 35.232.76.9
dev.oversightcloud.com has address 35.232.76.9
dev2.oversightcloud.com has address 34.122.41.210

When I run this command:

/opt/bitnami/letsencrypt/lego --tls --email="me@xyz.com" --server=https://acme-staging-v02.api.letsencrypt.org/directory --domains="dev.oversightcloud.com" --domains="dev1.oversightcloud.com" --domains="dev2.oversightcloud.com" --path="/opt/bitnami/letsencrypt" renew --days 90

I get these errors:

2024/10/05 11:26:21 [INFO] [dev.oversightcloud.com] acme: Trying renewal with 2066 hours remaining
2024/10/05 11:26:21 [INFO] [dev.oversightcloud.com, dev1.oversightcloud.com, dev2.oversightcloud.com] acme: Obtaining bundled SAN certificate
2024/10/05 11:26:21 [INFO] [dev.oversightcloud.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/xxx73
2024/10/05 11:26:21 [INFO] [dev1.oversightcloud.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/xxx83
2024/10/05 11:26:21 [INFO] [dev2.oversightcloud.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/xxx93
2024/10/05 11:26:21 [INFO] [dev.oversightcloud.com] acme: use tls-alpn-01 solver
2024/10/05 11:26:21 [INFO] [dev1.oversightcloud.com] acme: use tls-alpn-01 solver
2024/10/05 11:26:21 [INFO] [dev2.oversightcloud.com] acme: use tls-alpn-01 solver
2024/10/05 11:26:21 [INFO] [dev.oversightcloud.com] acme: Trying to solve TLS-ALPN-01
2024/10/05 11:26:24 [INFO] [dev.oversightcloud.com] The server validated our request
2024/10/05 11:26:24 [INFO] [dev1.oversightcloud.com] acme: Trying to solve TLS-ALPN-01
2024/10/05 11:26:26 http: TLS handshake error from 13.213.42.255:46326: EOF
2024/10/05 11:26:28 [INFO] [dev1.oversightcloud.com] The server validated our request
2024/10/05 11:26:28 [INFO] [dev2.oversightcloud.com] acme: Trying to solve TLS-ALPN-01
2024/10/05 11:26:33 [INFO] Skipping deactivating of valid auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/xxx73
2024/10/05 11:26:33 [INFO] Skipping deactivating of valid auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/xxx83
2024/10/05 11:26:33 [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/xxx93
2024/10/05 11:26:33 error: one or more domains had a problem:
[dev2.oversightcloud.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 34.122.41.210: Error getting validation data

From server where I am running this I can get to all 3 hostnames:

# curl http://dev.oversightcloud.com
<!DOCTYPE html>
# curl http://dev1.oversightcloud.com
<!DOCTYPE html>
# curl http://dev2.oversightcloud.com
<!DOCTYPE html>
1 Like

Hmm, sorry about the formatting of my post. This is my first post here and I don't see any way to edit my post :frowning:
Anyway, what did not show up in my post is that all 3 curl commands were able to successfully connect.

1 Like

No worries. I even fixed the couple of parts you had not yet.

Anyway, the problem is the 2 different IP addresses for your domains. Lego needs to prepare both of your servers so they can reply successfully to the Let's Encrypt authentication server. You can see in the log that dev and dev1 worked as that is where lego is. But, dev2 failed.

I don't know lego very well and maybe there is a way to have it set up a "remote" server too. Usually you run an ACME Client on each server. So, one on your dev and dev1 machine and another on dev2.

Another option is the DNS Challenge. You can get a cert from a single machine that covers any domain name you control. You can even get a wildcard cert. If you run lego on dev1 you still need to copy the resulting cert to dev2. So, maybe just easier to run lego on each?

Oh, and welcome to the community @tacoma50

2 Likes
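The point made above (dev and dev1 resolve to the machine where lego runs, dev2 does not, so a tls-alpn-01 or http-01 challenge for dev2 cannot be answered from there) can be checked before a renewal is even attempted. The following is an added pre-flight script, not code from the thread or from lego; the address map and the local address list are constructed from the `host` output posted above, and the live helpers assume Linux with `getent` and iproute2.

```shell
#!/bin/sh
# Added example: classify each SAN as LOCAL (resolves to an address bound on
# this machine, so tls-alpn-01/http-01 can be answered here) or REMOTE.

# Constructed from the thread's "host" output: "name address" per line.
SAN_ADDRS='dev.oversightcloud.com 35.232.76.9
dev1.oversightcloud.com 35.232.76.9
dev2.oversightcloud.com 34.122.41.210'

# Constructed: addresses bound on the host where lego runs (dev/dev1 machine).
LOCAL_ADDRS='35.232.76.9'

# Print one line per SAN: "LOCAL name addr" or "REMOTE name addr".
# $1 = "name addr" lines, $2 = space-separated local addresses.
classify_sans() {
    printf '%s\n' "$1" | while read -r name addr; do
        [ -n "$name" ] || continue
        # Surrounding spaces make the match exact (35.232.76.9 != 35.232.76.99).
        case " $2 " in
            *" $addr "*) echo "LOCAL  $name $addr" ;;
            *)           echo "REMOTE $name $addr" ;;
        esac
    done
}

# Names that a challenge run on this machine cannot validate, one per line.
remote_sans() {
    classify_sans "$1" "$2" | awk '$1 == "REMOTE" { print $2 }'
}

# Live variant for the real host: resolve each name given as an argument
# (getent returns the first address only, which is enough for this check).
live_san_map() {
    for name in "$@"; do
        addr=$(getent hosts "$name" | awk '{ print $1; exit }')
        echo "$name ${addr:-UNRESOLVED}"
    done
}

# Live variant: global-scope addresses bound on this machine (iproute2).
live_local_addrs() {
    ip -o addr show scope global | awk '{ split($4, a, "/"); print a[1] }' | tr '\n' ' '
}

# Stand-alone run on the constructed data; for a real check replace the two
# arguments with "$(live_san_map name1 name2 ...)" and "$(live_local_addrs)".
classify_sans "$SAN_ADDRS" "$LOCAL_ADDRS"
```

Any name printed by `remote_sans` must either get its own ACME client on the host it points to, or be moved to a DNS challenge.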

While I admit I too don't know much about lego, it seems OP is using the tls-alpn-01 challenge. And while theoretically it wouldn't be impossible to expedite this challenge to other servers, practically I don't think it's possible.

The http-01 challenge is probably much easier to do this with.

Yeah, I don't know lego well enough to describe multi-server challenges - http or tls-alpn.

Even if that is possible, retaining TLS-ALPN and running lego on each machine is even easier :slight_smile:

Just looking and I see Hover as the DNS provider. I don't think they offer an API to allow automating the DNS Challenge. Two legos are much better than a manual DNS Challenge (almost always).

3 Likes

Certainly!

2 Likes

Hi Everyone

Thank you for the great replies! Now that I understand what the issue is, I need to state what my ultimate need will be.

Eventually I will need one cert that I will place on two servers called dev and dev2.

The cert will need to contain these 3 SAN hostnames:

devLB.oversightcloud.com has address 35.232.76.55
dev1.oversightcloud.com has address 35.232.76.9
dev2.oversightcloud.com has address 34.122.41.210

So all 3 hostnames will resolve to different IP addresses.

The devLB hostname will be an address that a level-4 load balancer network device will be listening on, sending any of that traffic to either dev1 or dev2. So there will be no devLB server to run any ACME client commands on.

What is the easiest way to accomplish this via letsencrypt by using lego or some other ACME client?

I am not locked into using lego, but maybe there is a way to use lego by choosing a different challenge method? How would that command look?

Is there another ACME client tool that could easily handle this type of cert request? Do you have an example?

1 Like

By using a DNS Challenge. You can run that on any machine and just distribute the certs as needed.

For now you would be limited to using a manual option as I am nearly certain Hover does not support an API that would allow automated renewals.

For that you should switch DNS providers. Cloudflare is very commonly used although there are certainly others. Just make sure lego or whatever ACME Client you choose also supports that new DNS provider.

The lego manual option is described here. Also see the general lego CLI page and all the --dns related options.

3 Likes
