Will Let's Encrypt work for me? (Multiple servers serving one domain)

itrade24 · 2018-09-16 20:40:33 UTC

Not a good solution. You must allow root-based access from one server to another. You can use SSH key, but it’s also not a very secure solution.

danb35 · 2018-09-16 20:47:59 UTC

For you, perhaps.

Then use a different user.

How so?

itrade24 · 2018-09-17 14:38:38 UTC

Anyway, this user should have sudo permissions to

write to the directory with certificates in / etc (or symlink)
restart nginx

Currently the really best choice is to upload certificates to the home directory of this user, from which there will be a symlinks to /etc/ and setting something like inotify daemon to reload nginx when these files are changed.

Another solution is sshfs for certificates but the issue with the nginx restart/reload remains open.

schoen · 2018-09-17 22:20:43 UTC

An ssh key in authorized_keys can also restrict which commands a user authenticated through that key is allowed to run (maybe that was what you were referring to with “You can use SSH key, but it’s also not a very secure solution”).