I have multiple server (apache, nodejs, mailserver, …) sharing same certificates and i need to copy certificate files on multiple server after each renewal. I think i will dedicate a virtual machine to generate and copy certificates on all machines.
Is it a good practice ? If yes, how can i tell certbot to launch a script after each automatic renewal ?
Voici les infos demandées :
Web server : Apache/2.4.29 on Ubuntu 18.04.1 LTS
Bind server : BIND 9.9.5-3ubuntu0.2-Ubuntu on Ubuntu 14.04.1 LTS
NFS is unencrypted so not suitable for your private key if your network isn't secure. Personally, I would use scp / ssh to copy the cert and private key. Of course you'll also need to reload the service so it uses the new key, which might be done with perhaps the same ssh command. I'm pretty sure you might find others which already scripted solutions for this on the world wide web.