I am trying to determine if there is a best practice in place for using letsencrypt with a load-balanced IP address (anycast).
At this point I will say that I haven't yet set up the servers and may not do so; however, I would like to understand the best method for using letsencrypt in this type of infrastructure.
As standard when I generate SSL certificates I generally use webroot.
The issue, as I see it, with using webroot is that it will create the well-known file on the server I am on; however, this server may be one of many that the DNS entries will resolve to when using an anycast address.
In an ideal world I would like a method of synchronising the well-known files with all the other servers prior to letsencrypt's servers verifying the content. Is this something that is possible with webroot?
Looking at the documentation, manual mode allows scripts to be called prior to the authentication; would this be the better mode to use?
Has anyone used letsencrypt on an anycast system and can share some advice?
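
The manual-mode hook idea raised in the question, as an added example (not part of the original post and not certbot's own code): a script for certbot's `--manual-auth-hook` that writes the HTTP-01 challenge file to every server behind the anycast address before validation. `CERTBOT_TOKEN` and `CERTBOT_VALIDATION` are the variables certbot passes to the hook; `PEERS`, `WEBROOT`, the host names and the ssh transport are assumptions.

```shell
#!/bin/sh
# Hypothetical defaults; certbot itself only supplies CERTBOT_TOKEN (file name)
# and CERTBOT_VALIDATION (file body) to the hook.
: "${PEERS:=web1.example.net web2.example.net}"
: "${WEBROOT:=/var/www/html}"

# Copy one challenge file to one peer. A peer starting with "/" is treated as a
# local directory prefix (constructed so the script can be exercised offline);
# anything else is reached over ssh.
push_one() {
    peer=$1 token=$2 body=$3
    dir="$WEBROOT/.well-known/acme-challenge"
    case $peer in
        /*) mkdir -p "$peer$dir" && printf '%s' "$body" > "$peer$dir/$token" ;;
        *)  printf '%s' "$body" | ssh "$peer" "mkdir -p '$dir' && cat > '$dir/$token'" ;;
    esac
}

# Publish the challenge on every peer; return 1 if any peer was not updated,
# because the CA's request may land on exactly that server.
publish_challenge() {
    token=$1 body=$2
    # Accept only base64url characters so the file name cannot leave the
    # challenge directory or inject into the remote command.
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "bad token" >&2; return 2 ;;
    esac
    failed=0
    for peer in $PEERS; do
        push_one "$peer" "$token" "$body" || { echo "push failed: $peer" >&2; failed=1; }
    done
    return $failed
}

# Act as the hook only when certbot has set its variables.
if [ -n "${CERTBOT_TOKEN:-}" ]; then
    publish_challenge "$CERTBOT_TOKEN" "${CERTBOT_VALIDATION:-}"
fi
```

A matching `--manual-cleanup-hook` script would remove the same file from each peer once validation has finished.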