I have 2 (potentially 3) servers on my LAN (dev, test, prod) that have nginx on port 80. I want a wildcard *.domain.net certificate to be shared, but my understanding is that I can only forward port 80 (incoming requests) to one of these servers. Yet I'd like to use certbot for certificate management.
What are my options? Seems like prod should use the standard port, with certbot configured for that server (prod - production), and then manually copy the certs to dev and test.
What's the best practice on this?