Multiple servers -- backup / load balancing


I have 4 servers in the US: NYC, ATL, SEA, and LA.
For each server, I have a cert for the respective,, etc.
When my code has the ability to select which server to use, it can explicitly request the corresponding subdomain. This part is fine.

The part I need help with is the domains they share.
Right now NYC has a cert for,, and
The other servers should also be able to host these domains.

I think what I need to do is choose one server to act as the primary. It can have a cron job to call certbot renew. It can then scp /etc/letsencrypt/live/ to the other servers.

Then I guess I’ll set up a cron job for the non-primary servers which only refreshes their subdomain such as

Does this seem like the correct approach?


Assuming that [] and [,,] are intended to be separate certificates, that sounds fine.

You can improve things slightly by not requiring the servers to be able to login to each other:

  • Use --reuse-key so the private key doesn’t change at renewal time
  • Publish fullchain.pem in a --deploy-hook on the primary server to a public location so the other servers can just pull it at their leisure

but that’s just nitpicking.

If you intended for this to be a single certificate, then using DNS validation might be a better choice, since each server would be able to authorize itself for all of the names independently.
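
The --reuse-key and --deploy-hook suggestion from the reply above, sketched as an added example that is not part of the original thread. It assumes the private key was copied to each secondary once, out of band; the publish directory, URL and destination paths are hypothetical arguments, and RENEWED_LINEAGE is the variable certbot sets for deploy hooks. Because the published file is public, each secondary checks it against its own key before installing it.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and URL are hypothetical.
# Assumes: primary renews with --reuse-key; privkey.pem was copied to each
# secondary once, out of band, and never travels again.

# True only if the leaf certificate in $1 carries the public key of private key $2.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Install candidate chain $1 at $3 if it matches key $2 and is unexpired.
# Returns 0 = installed (reload the web server), 1 = rejected, 2 = unchanged.
install_if_valid() {
    cert_matches_key "$1" "$2" || { echo "reject: key mismatch" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "reject: expired or unreadable" >&2; return 1; }
    if [ -f "$3" ] && cmp -s "$1" "$3"; then return 2; fi
    cp "$1" "$3.new" && mv "$3.new" "$3"   # rename so readers never see a partial file
}

# Primary: run as certbot's --deploy-hook; certbot sets RENEWED_LINEAGE.
publish_fullchain() {
    install -m 0644 "$RENEWED_LINEAGE/fullchain.pem" "$1/fullchain.pem"
}

# Secondary: run from cron. $1 = URL, $2 = local privkey.pem, $3 = destination.
pull_fullchain() {
    tmp=$(mktemp) || return 1
    rc=0
    { curl -fsS -o "$tmp" "$1" && install_if_valid "$tmp" "$2" "$3"; } || rc=$?
    rm -f "$tmp"
    return "$rc"
}

case "${1:-}" in
    publish) publish_fullchain "$2" ;;
    pull)    pull_fullchain "$2" "$3" "$4" ;;
esac
```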
