Syncing certificates between a load balanced server (permissions, best practices, etc.)

carpool · November 6, 2019, 4:44pm

So my configuration looks like this

User -> Cloudflare -> Cloudflare Load balancer
-> 50% -> Server 1
-> 50% -> Server 2

Server 1 and server 2 are identical, Ubuntu 18.04 with NGINX

I’ve set it up so I can generate certificates on server 1, and have a static.server1.com dns for verification purposes. It issues certificates perfectly!

*** Question ***

What is the best way to sync the certificates from Server 1 to Sever 2?

I read in another thread that I should sync the entire /etc/letsencrypt/ folder, so I tried rsync and ran into permission errors. Before I go about changing the permissions I thought I would ask here and see if there are any suggestions.

Thanks!

Osiris · November 6, 2019, 6:05pm

rsync through a secured channel (e.g. SSH) is probably a good way to distribute the private key and certificate(s). The private keys should be root accessible only, so if you’re using an other user to access the private key(s), you’ll run into permission errors indeed. I personally don’t see an issue with running rsync as root to synchronise the private key(s) and certificate(s).

system · December 6, 2019, 6:05pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Advice on using LetsEncrypt in a load balancing setup (SSL passthrough) Help	4	14500	May 21, 2018
Which keys to use in Load balancer, when server handling multiple domains? Help	5	1771	August 27, 2016
Let´s Encrypt + Load Balance (Force Callback) Help	13	1527	December 24, 2021
Cert for Digital Ocean Load Balancer, Cloudflare DNS? Server	13	4351	November 27, 2018
Copy a certificate to other servers and renew (Load balanced) Server	3	4535	April 14, 2018

Syncing certificates between a load balanced server (permissions, best practices, etc.)

Related topics