Renew cert on a standby haproxy server behind virtual ip

My domain is: scitest.esss.lu.se

I ran this command: certbot --text --agree-tos --non-interactive certonly -a standalone --keep-until-expiring --cert-name scitest.esss.lu.se -d scitest.esss.lu.se --http-01-port=8888 && (/bin/systemctl reload rh-haproxy18-haproxy.service)

It produced this output:
Detail: Fetching
https://scitest.esss.lu.se/.well-known/acme-challenge/ws-DhYhzqa43taCs2Yf7eLvvMiSTb-6x0oq1uVhgUMk:
Error getting validation data

My web server is (include version):

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.31.0

My environment is two haproxy servers behind a virtual IP. Only the virtual IP ports 80 and 8888 are open to the public network. Now the issue is that some of the sites cannot be renewed on the standby server. The scenario is:
27 Feb: server2 standby and server1 running. Cert will expire on March 16, so it is renewed on server2.
28 Feb: server2 running and server1 standby. Cert cannot be renewed on server1. Got the error “Error getting validation data”.

Why can it be renewed on server2 but fail on server1? Is it possible to renew certs automatically on both haproxy servers? If yes, how does it work?

Thank you.

Hi @limanzhang

only one idea: Did you switch your router / port configuration when changing server1 / server2?

And: Why isn’t it possible to use one certificate with both servers? May be easier.

Hi JuergenAuer,

Using the same cert is one of our solutions. But it would be great if they could auto-renew themselves.

We use exactly the same configuration for both servers; only the primary/secondary tags are different on these servers.
