Multiple Webservers


#1

Please excuse if this is a dumb question. However, if I have multiple webservers hosting a site, do I need to get seperate certs for each or can they share a certificate?

Thank you!!!


Mulitple Webservers (kind of)
#2

Assuming they are all for the same FQDNs, they can share the same cert (CA and private key).


#3

@jgatkins20002, one thing to bear in mind is an update strategy for when the certificates expire and need to be renewed (currently every three months for all Let’s Encrypt certificates). While Certbot has a certbot renew feature to try to simplify the renewal process, it normally acts only on the single server where it’s run; it doesn’t have a built-in way of distributing or pushing the new files to any other servers. So if you have multiple servers sharing the same certificates and keys, you’ll also need some plan or strategy for updating them all before certificate expiry.


#4

@schoen --renew-hook or --post-hook would work for that purpose.


#5

Yes, a nice opportunity to learn about or get more practice with shell scripting!


#6

I have the same situation.
I run on a dedicated server (VM) the dehydrated client with some hooks for deploying my certificates.
After issueing it’ll rsync those certificates to the servers that hosts the specific hostname which requires the certificate and reload the configured services.

Authorizing the certificate is done by DNS, which makes it a lot easier in this case.

It works like a charm :slight_smile:


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.