Is it OK if I run certbot renew from two identical machines without synchronizing the result of the runs? Would certbot re-use the already issued certificates, or would it re-issue the certificates on every machine?
It will re-issue them on each machine. This is nonetheless OK for many purposes because the certificates can co-exist and each be valid at the same time. But be aware of the Let’s Encrypt issuance rate limits.
Well, it didn’t work… the verification callback is going to a random clone (d’uh).
(http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization
How can I make the verification callback go to the same machine?
You can’t. Let’s Encrypt will connect to one of the IP addresses defined by your domain’s AAAA or A record at random.
You could proxy requests from one server to the other so that they eventually reach the right one, or you could share the .well-known/acme-challenge directory via NFS or similar between the servers.
Or, if your DNS provider has an API or you run your own DNS server, you could use the dns-01 verification method instead, which doesn’t have this problem.
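As an added illustration of the proxy approach (this is example configuration, not something posted in the thread or shipped by certbot): each clone keeps running certbot with the webroot plugin against its own document root, serves the challenge token locally when it has it, and otherwise forwards the request once to the other clone. The webroot path /var/www/letsencrypt, the PEER_ADDRESS placeholder and the X-Acme-Forwarded header name are all assumptions; replace them with your own values.

```nginx
# Added example: put this server-level snippet on every clone.
# certbot runs on each clone as:
#   certbot certonly --webroot -w /var/www/letsencrypt -d example.com
# so each clone writes its own tokens under
#   /var/www/letsencrypt/.well-known/acme-challenge/

location ^~ /.well-known/acme-challenge/ {
    root /var/www/letsencrypt;     # assumed webroot, must match -w above
    default_type text/plain;
    try_files $uri @acme_peer;     # token not on this clone? ask the peer
}

location @acme_peer {
    # A request that was already forwarded once gets a plain 404 here,
    # so a token that exists on neither clone cannot bounce back and forth.
    if ($http_x_acme_forwarded) {
        return 404;
    }
    proxy_set_header X-Acme-Forwarded 1;   # hypothetical marker header
    proxy_set_header Host $host;
    proxy_pass http://PEER_ADDRESS;        # placeholder: the other clone's IP
}
```

Whichever clone Let’s Encrypt happens to reach, the token is either served from its own webroot or fetched once from the peer, so both machines can keep their independent renew runs; with more than two clones the forwarding would need to fan out to every peer rather than a single PEER_ADDRESS, at which point the shared-directory or dns-01 options from the reply above are simpler.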