SSL for one domain with two different IPs

Help
1

Hey, I have two servers, one in the US and one in Germany.

My clients in Germany are receiving invalid PTR records because the main domain is hosted and pointed to the US server.

So, I created two separate A records in QUIC.cloud DNS Manager, one for the US IP and the other for the Germany IP and now the PTR records for both servers are valid.

However, the main domain is now throwing SSL error while checking with Facebook debugger or any other online tool.

Here's the error:
"Can't validate SSL Certificate. Either it is self-signed (which will cause browser warnings) or it is invalid."

And when I tried visiting the main domain, it seemed to work fine with SSL. This could be because I set "Force HTTPS Redirect" in cPanel -> Domains.

How can I setup SSL that would work on both IPs? I read other threads however I am a bit confused, how can I install SSL on Germany server for my main domain that is hosted and pointed to the US since the Germany server won't allow me to add my main domain as it's already in use somewhere.

Any help please?

1 Like
2

Hi @AndrianBourne, and welcome to the LE community forum :slight_smile:

I don't think you came to right forum for your current need(s).
You are asking very specific design questions that are not geared towards certificate issuance.

If you are going to use the exact same name for both IPs, then you will have issues obtaining a cert from either IP.
You will have to do either:

  • use two different names
    [one for each IP]

  • use DNS-01 authentication
    [not HTTP-01 authentication]

With DNS-01 authentication, you can obtain an IP from anywhere on the Internet - that can update your DNS zone as requested by the ACME authentication process.
The most difficult part with DNS-01` authentication is automation - the DSP must support API updates of zone information.

If you chose to use separate names, then the problem goes away; And each name can obtain its' own cert independent of any other(s).

4 Likes
3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.