I’ve got a general question:
I have two servers (let’s call them A and B) and one domain example.tld with several subdomains. Some subdomains point to server A, the others to server B. The domain itself points to server A.
If I generate a certificate on server A with -d example.tld,sub1.example.tld, I get one certificate with CN=example.tld DNS-Name=sub1.example.tld DNS-Name=example.tld
If I generated a certificate on server B, I could not use example.tld in the domain list, as it does point to server A.
Is it somehow possible to generate a certificate for sub2.example.tld on server B that also has example.tld as CN?
Or should I rather redirect requests to example.tld/.well-known/, generate the certificate on server A and copy it over to server B?