I have 4 servers in the US: NYC, ATL, SEA, and LA.
For each server, I have a cert for the respective nyc.site.com, atl.site.com, etc.
When my code has the ability to select which server to use, it can explicitly request the corresponding subdomain. This part is fine.
I think what I need to do is choose one server to act as the primary. It can have a cron job to call certbot renew. It can then scp /etc/letsencrypt/live/www.site.com to the other servers.
Then I guess I’ll set up a cron job for the non-primary servers which only refreshes their subdomain such as atl.site.com.
Does this seem like the correct approach?
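The copy step described in the post, sketched as a certbot deploy hook for the primary; this is an added example, not part of the original post. It dereferences the symlinks under `live/` (they point into `../../archive`), keeps the private key at mode 600 and pushes the files with scp. That nyc is the primary, the `certsync` account and the `/etc/ssl/shared` directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): deploy hook for the primary server.
# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/www.site.com)
# when it runs a --deploy-hook after a successful renewal.
# Assumptions: nyc is the primary; account and remote directory are hypothetical.
PEERS="atl.site.com sea.site.com la.site.com"
REMOTE_USER="certsync"
REMOTE_DIR="/etc/ssl/shared"   # must already exist on each peer, with a <name>/ subdirectory

# Copy a lineage into a staging directory as regular files.
# live/<name>/*.pem are symlinks into ../../archive, so follow them with cp -L.
stage_lineage() {
    src=$1
    dst=$2
    umask 077                  # nothing created here is group/world readable
    mkdir -p "$dst" || return 1
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        [ -e "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
        cp -L "$src/$f" "$dst/$f" || return 1
    done
    chmod 600 "$dst/privkey.pem"
    chmod 644 "$dst/cert.pem" "$dst/chain.pem" "$dst/fullchain.pem"
}

# Push the staged files to every peer; -p preserves the modes set above.
push_lineage() {
    staged=$1
    name=$2
    for host in $PEERS; do
        # BatchMode makes scp fail instead of prompting when run from cron.
        scp -p -o BatchMode=yes "$staged"/*.pem \
            "$REMOTE_USER@$host:$REMOTE_DIR/$name/" \
            || echo "push to $host failed" >&2
    done
}

# Only act when certbot invoked us as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    stage=$(mktemp -d) && trap 'rm -rf "$stage"' EXIT
    stage_lineage "$RENEWED_LINEAGE" "$stage" \
        && push_lineage "$stage" "$(basename "$RENEWED_LINEAGE")"
fi
```

Registered on the primary with `certbot renew --deploy-hook <path to this script>`, it runs only when a certificate was actually renewed. Each peer's web server still has to be reloaded before it serves the copied files.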