Running multiple ec2 instances wanting to store certs on EFS

Hi,

I am looking to run multiple nginx servers, currently only one will be running certbot, but I am trying to store the letsencrypt certs onto a different hdd than the letsencrypt. Can I change the /etc/letsencrypt path? Is there a config? the different hdd is automatically shared between all the nginx servers, so they would all load the same cert files.

Thanks,

1 Like

Yes.

If you mean an option for certbot to change that: yes. Please see the output of certbot --help all.

I do not know if those path option(s) are stored in a renewal file. I’m guessing it’s not possible to add it to cli.ini, as that configuration file is stored in the configuration directory. So that would lead to a catch 22.

1 Like

correction certbot-auto, i do not see a --config in the certbot-auto --help

1 Like

certbot-auto is just a wrapper script, it should pass thru the output of the underlying certbot. Did you try certbot-auto --help all? Or just check the site I linked to.

1 Like

I missed the all, I see it now, thank you, I looked at the link but I think i have what I need, thank you Osiris!

1 Like
  -c CONFIG_FILE, --config CONFIG_FILE
                    path to config file (default: /etc/letsencrypt/cli.ini
                    and ~/.config/letsencrypt/cli.ini)

I do not see a cli.ini file anywhere, I tried copying the letsencrypt folder to my volume, and I scanned for cli.ini, but I am not finding a config file.

Thanks.

1 Like

Check out the --config-dir option, and maybe some of the other related options. (Like, for example, --work-dir.)

I’m not sure you need --config. I’m not sure you can use --config.

Most Certbot packages don’t create a /etc/letsencrypt/cli.ini file by default, since the defaults are fine. But I don’t know if creating a file in /etc/letsencrypt/ saying "don’t use /etc/letsencrypt/" works.

Using the home directory config file location might be good, if that works for you.

Or always remembering to set the options on the command line.

Or maybe sym linking or bind mounting /etc/letsencrypt/, so everything can just use the default paths?

1 Like

Or maybe sym linking or bind mounting /etc/letsencrypt/ , so everything can just use the default paths?

AWESOME IDEA! I have copied the letsencrypt folder to my efs volume, and I am going to make the deployment make a symlink to that folder! that should work! thank you so much for the idea!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.