Hi all,
I have a route53 DNS record that is linked to 2 IP addresses. One IP resides in the US and one in the EU. Based on the latency of the client, route53 can decide which IP is the best choice. It works pretty cool, much cheaper as compared to their load balancer. If you fill in your DNS in https://www.whatsmydns.net/ and have it checked, you can nicely see that the US regions all pick the IP from the US server and the EU regions pick the IP from the EU server.
Anyway, I am using this script https://github.com/tomyates/letsencrypt-install-elasticbeanstalk-single-instance to install autocertbot on my servers and it works perfectly for the US server.
However, when I deploy it on my EU server it fails because it obtains the US IP instead of the EU IP. This itself is strange, because when I perform:
dig dns-of-my-server
On my US machine, I get the US IP and when I perform this task on my EU machine, I get the EU machine. Just what you would expect.
I would have expected that certbot would also get the EU IP when performing the autocertbot task on an EU server, but it probably does a different check which results in the US server IP. This then results in an IP mismatch and certbot fails.
Is there a way to inform certbot to check for multiple IP addresses linked to this DNS name? Is there a way to do this task? I can login to these machines and have root access so I could perform the manual DNS acme check but I would like to employ the autorenewal feature of autocertbot.