LetsEncrypt certificates across different servers


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.harvestdata.today - This is registered and hosted with Godaddy India. I have created multiple subdomains (in DNS records with Godaddy). These subdomains are:
web.harvestdata.today - this is a Linux Server @ AWS (this also has alias of www.web.harvestdata.today)
hub.harvestdatab.today - this points to sparrow.harvestdata.today - this is another Linux server @ AWS (no DNS registrations as of now)
app.harvestdata.today - this points to an Oracle Apex url hosted on web.harvestdata.today

I ran this command:
I had successfully generated Letsencrypt certificates for web.harvestdata.today & www.web.harvestdata.today. However, due to my ignorance (foolishness?), I deleted those certs! In another thread (How to get ‘A’ rated cert!?) I have been GREATLY guided and supported by @JuergenAuer, @danb35, @mnordhoff & @_az on the topic of regenerating the certs. Many ‘A’ thanks to them!
It produced this output:

My web server is (include version): Apache/2.4.34 on AWS!

The operating system my web server runs on is (include version): Amazon Linux 2

My hosting provider, if applicable, is: in.godaddy.com

I can login to a root shell on my machine (yes or no, or I don’t know): Yes for AWS. No for Godaddy as it is shared hosting

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes

MY QUERY IS: (pardon my complete ignorance on networking and SSL certificates)
I wish to enable https on www.harvestdata.today (hosted with GoDaddy) and sub-domains pointing to other Linux servers hosted with AWS.

Can I generate the certificates at one-go on linux servers and then update them with Godaddy?
Or is there another better (simpler?) way?

Thanks

Regards


#2

Hi @samraw003

The typical situation: you have one webserver with one or more domains / subdomains, so you run one ACME client (certbot, acme.sh or other) to create and install the certificate.

It’s not relevant if one is the domain name and others are subdomains of that domain name or other domains.

But:

  • Check whether there is an integrated solution for your main domain www.harvestdata.today. Shared hosting has some limitations; Godaddy India may have other limitations than Godaddy elsewhere (I don’t use that).
  • Your other domains: You may install a client per server. It’s also possible to use acme.sh; there is a Godaddy DNS add-in, so you can use dns-01 validation. Then you don’t need a running webserver (http-01 validation needs a running webserver or creates its own webserver).
  • If you are able to copy the key and the certificate file (with automation) from one server to another, you can use dns-01 validation on one server and copy the files to the other server.

Acme.sh - source:
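
The last option in the reply above (dns-01 validation on one server, then copying the key and certificate to another) could be automated along these lines. This is an added example, not part of the thread and not code from acme.sh; the paths, the script location and the `deploy` SSH account are assumptions, while `dns_gd`, `GD_Key` and `GD_Secret` are the names acme.sh uses for its GoDaddy DNS plugin.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Assumptions: acme.sh is installed on the
# issuing server, GD_Key/GD_Secret are exported for its dns_gd plugin, and the
# paths, script location and "deploy" SSH account below are hypothetical.
NAMES="web.harvestdata.today sparrow.harvestdata.today"  # names from the question
STORE=/etc/ssl/acme                       # hypothetical certificate directory
SELF=/usr/local/bin/cert-sync.sh          # hypothetical install path of this script
REMOTE=deploy@sparrow.harvestdata.today   # hypothetical SSH account on server 2

# Turn a space-separated name list into acme.sh "-d name" arguments.
domain_args() {
  local out="" n
  for n in $1; do out="$out -d $n"; done
  printf '%s' "${out# }"
}

# Copy key and chain into $3 (key 0600, chain 0644). Each file is written under
# a temporary name and renamed, so Apache never reads a half-written file.
stage_pair() {
  local key="$1" chain="$2" dest="$3"
  grep -q 'PRIVATE KEY' "$key" 2>/dev/null || return 1        # missing or swapped
  grep -q 'BEGIN CERTIFICATE' "$chain" 2>/dev/null || return 1
  mkdir -p "$dest" && chmod 700 "$dest" || return 1
  ( umask 077
    cp "$key" "$dest/.privkey.tmp" && chmod 600 "$dest/.privkey.tmp" &&
    mv "$dest/.privkey.tmp" "$dest/privkey.pem" ) || return 1
  cp "$chain" "$dest/.fullchain.tmp" && chmod 644 "$dest/.fullchain.tmp" &&
    mv "$dest/.fullchain.tmp" "$dest/fullchain.pem"
}

# One-time setup on the issuing server: dns-01 through the GoDaddy API, then
# register "push" as the command acme.sh runs after install and every renewal.
issue_once() {
  mkdir -p "$STORE/src" && chmod 700 "$STORE/src" || return 1
  acme.sh --issue --dns dns_gd $(domain_args "$NAMES") || return 1
  acme.sh --install-cert -d "${NAMES%% *}" \
    --key-file "$STORE/src/key.pem" --fullchain-file "$STORE/src/fullchain.pem" \
    --reloadcmd "$SELF push"
}

# Renewal hook: stage locally, copy over SSH keeping file modes, reload Apache
# on both servers (the service is named httpd on Amazon Linux 2).
push() {
  stage_pair "$STORE/src/key.pem" "$STORE/src/fullchain.pem" "$STORE/live" || return 1
  rsync -a -e ssh "$STORE/live/" "$REMOTE:$STORE/live/" || return 1
  systemctl reload httpd && ssh "$REMOTE" sudo systemctl reload httpd
}

case "${1:-}" in issue) issue_once ;; push) push ;; esac
```

With this layout both servers hold the same private key and the issuing server also holds the GoDaddy API credentials, so file permissions and SSH access on both machines matter.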


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.