I’m stuck on a noobie question with regard to setting up certificates with multiple FreeNAS jails. A cookbook on installing Nextcloud described the use of certbot and the cron job to perform the cert renewal, which generally makes sense. However, I realize I would also like to use certs for other jails (such as a Plex Media Server jail that I’ve already set up). I have a domain set up with DuckDNS and route the jail IPs/ports to ports exposed through my router’s port forwarding.
What I don’t understand is whether I want to set up a single jail to perform the cert renewal and have the certs in a common location available to all jails, or if each jail should perform its own cert creation/renewal. In the latter case, the domain used in the certbot requests would be the same for each jail, since this would just be the mysubdomain.duckdns.org which maps to my router. I’m not sure how the Let’s Encrypt service would behave with multiple jails making cert requests to the same domain, so my guess would be the single set of certs shared between jails is the appropriate answer.
Forgive me if the question itself seems like I don’t know what I’m talking about, since I freely admit… I don’t know what I’m talking about. Any pointers on the valid, easiest and appropriately secure method to set up a shared cert or multiple jail-centric certs are appreciated. I think I can then find references on the appropriate way to use the certs with the specific services running in each jail.