We currently use one Traefik instance with the SSL certificate for the hostname we use for our development site on-prem.
Now, we want to replicate (clone) this Traefik instance in AWS and use Route 53 to resolve our hostname to two IPs (one IP is the on-prem Traefik, and the other IP is the Traefik in AWS).
In this case, both servers should be using the same SSL certificate.
Any suggestions on how this can be done, and what considerations should we be taking into account?
Why? What would be wrong with each Traefik server independently obtaining a certificate for your domain, via Route53 DNS authentication?
YMMV, but unless you want to cluster your Traefik servers and have them use shared storage to access the same certificate, that seems simpler to me.
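The "each server obtains its own certificate" approach from the answer above, written out as a Traefik v2 static configuration. This is an added illustration, not configuration from the original thread or from the Traefik project; the resolver name `le`, the file paths, the e-mail address and the router name are placeholders, and it assumes Traefik v2 YAML syntax with the built-in `route53` DNS-challenge provider.

```yaml
# traefik.yml (static configuration) - deploy an identical copy on the
# on-prem host and on the AWS host. Each instance performs its own ACME
# DNS-01 challenge against the same Route 53 hosted zone and keeps its
# own private key, so nothing has to be synchronised between the two.
entryPoints:
  websecure:
    address: ":443"

certificatesResolvers:
  le:                                   # placeholder resolver name
    acme:
      email: admin@example.com          # placeholder contact address
      # Each instance gets its OWN acme.json. It contains the private key,
      # so Traefik requires it to be mode 0600 and it must not be on a
      # share that both instances write to at the same time.
      storage: /letsencrypt/acme.json
      dnsChallenge:
        provider: route53
        # Optional: Route 53 can take a while to propagate the TXT record;
        # raising this avoids a failed validation on the first attempt.
        delayBeforeCheck: 30
      # While testing, point at the staging CA so that retries do not
      # count against the production rate limits. Remove for real certs.
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory

# Credentials for the route53 provider come from the usual AWS SDK chain:
#   - on the AWS host, prefer an EC2 instance role (no static keys on disk);
#   - on the on-prem host, set AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
#     (and optionally AWS_HOSTED_ZONE_ID to skip the zone lookup).
# Scope the IAM identity to only the Route 53 actions the challenge needs,
# for example (assumed policy, adjust to your zone):
#   route53:ListHostedZonesByName, route53:GetChange,
#   route53:ChangeResourceRecordSets on the one hosted zone.

# dynamic configuration (e.g. a file provider or Docker labels):
# http:
#   routers:
#     dev-site:                         # placeholder router name
#       rule: "Host(`dev.example.com`)" # placeholder hostname
#       entryPoints: [websecure]
#       service: dev-site
#       tls:
#         certResolver: le
```

Because both instances request a certificate for the same hostname, Let's Encrypt sees them as two separate orders; that is permitted, and the main thing to keep an eye on is the duplicate-certificate rate limit if you redeploy or wipe `acme.json` repeatedly, which is why the staging CA is worth using until the configuration is settled.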
I was concerned that if both servers were obtaining the certificate for the same hostname but coming from different IPs, the Let's Encrypt certificate service could block those IPs. But if you think that there won't be any "security" issues with having two servers requesting a certificate for the same hostname, then I am good.
(Route 53 will be used to resolve to an IP with the lowest latency)
In the scenario using shared storage, one of the servers would have to be in charge of obtaining the certificate then.
Take a look at the rate limits to see the circumstances under which Let's Encrypt would temporarily block you. With only two servers, I think you should be 100% OK to issue two duplicate certificates.