Please excuse if this is a dumb question. However, if I have multiple webservers hosting a site, do I need to get seperate certs for each or can they share a certificate?
Thank you!!!
Please excuse if this is a dumb question. However, if I have multiple webservers hosting a site, do I need to get seperate certs for each or can they share a certificate?
Thank you!!!
Assuming they are all for the same FQDNs, they can share the same cert (CA and private key).
@jgatkins20002, one thing to bear in mind is an update strategy for when the certificates expire and need to be renewed (currently every three months for all Let’s Encrypt certificates). While Certbot has a certbot renew
feature to try to simplify the renewal process, it normally acts only on the single server where it’s run; it doesn’t have a built-in way of distributing or pushing the new files to any other servers. So if you have multiple servers sharing the same certificates and keys, you’ll also need some plan or strategy for updating them all before certificate expiry.
@schoen --renew-hook
or --post-hook
would work for that purpose.
Yes, a nice opportunity to learn about or get more practice with shell scripting!
I have the same situation.
I run on a dedicated server (VM) the dehydrated client with some hooks for deploying my certificates.
After issueing it’ll rsync those certificates to the servers that hosts the specific hostname which requires the certificate and reload the configured services.
Authorizing the certificate is done by DNS, which makes it a lot easier in this case.
It works like a charm
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.