Not sure how to run with this setup, have tried certbot-auto, but it fails, think this is due to the setup.
2 entries in DNS running in round-robin pointing to 2 load balancers in 2 different data centres, which then point to 2 different web servers in 2 different data centres. SSL cert is installed on load balancers and on web server.
Anyone got any pointers?
Issuing a certificate using the dns-01 challenge type may be a good way to go for you. That way, the ACME client can run anywhere you deem appropriate. Once the certificate is issued, you can securely transfer the key/certificate to both load balancer systems, and reload their services.
Hi Sorry for the delay in responding, that sounds a good solution, but I think I would then need to renew and transfer each time the SSL was renewed, is this correct?
That is correct, all the issuance and renewals would be handled by the system with the DNS API credentials. Following issuance or renewals, the new certificate(s) would need to be transferred to the load balancers each time. Most clients (certbot included) will allow you to specify hooks which are executed after each issuance/renewal attempt. Could be helpful for your situation.
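A deploy hook of the kind described in the reply above, as an added example that is not part of the original thread: it pushes a renewed key/certificate pair to both load balancers and reloads them. The host names, remote directory and reload command are assumed placeholders; `RENEWED_LINEAGE` is the variable certbot exports to deploy hooks.

```shell
#!/usr/bin/env bash
# Certbot deploy hook: certbot runs it only after a successful issuance or
# renewal and exports RENEWED_LINEAGE (the live/<name> directory).
set -u

# Assumed placeholders: adjust hosts, remote directory and reload command.
LB_HOSTS="${LB_HOSTS:-lb1.example.com lb2.example.com}"
REMOTE_DIR="${REMOTE_DIR:-/etc/ssl/letsencrypt}"
RELOAD_CMD="${RELOAD_CMD:-systemctl reload nginx}"

# Transport wrappers (key-based SSH, so nothing prompts when run unattended).
copy_to() { scp -q -p -o BatchMode=yes "$1" "$2:$3"; }  # file, host, remote path
run_on()  { ssh -o BatchMode=yes "$1" "$2"; }           # host, command

# Refuse to ship a lineage whose private key does not match the certificate.
key_matches_cert() {
  local c k
  c=$(openssl x509 -in "$1/fullchain.pem" -noout -pubkey) || return 1
  k=$(openssl pkey -in "$1/privkey.pem" -pubout) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Stage both files under *.new, then swap them in and reload in one remote
# step, so a failed copy never leaves a half-updated pair in service.
deploy_one() {
  local host="$1" src="$2" f
  for f in fullchain.pem privkey.pem; do
    copy_to "$src/$f" "$host" "$REMOTE_DIR/$f.new" || return 1
  done
  run_on "$host" "cd $REMOTE_DIR && chmod 600 privkey.pem.new \
    && mv fullchain.pem.new fullchain.pem \
    && mv privkey.pem.new privkey.pem && $RELOAD_CMD"
}

# Try every load balancer even if one is unreachable; return non-zero so the
# failure shows up in certbot's log and the stale node can be fixed.
deploy_all() {
  local src="$1" host failed=0
  key_matches_cert "$src" || { echo "key/cert mismatch in $src" >&2; return 2; }
  for host in $LB_HOSTS; do
    if deploy_one "$host" "$src"; then echo "deployed to $host"
    else echo "deploy FAILED on $host" >&2; failed=1
    fi
  done
  return "$failed"
}

if [ -n "${RENEWED_LINEAGE:-}" ]; then deploy_all "$RENEWED_LINEAGE"; fi
```

It can be registered with certbot's `--deploy-hook` option or placed in `/etc/letsencrypt/renewal-hooks/deploy/`.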
Many thanks ezekiel, think I have what I need to get it going.