Will Let's Encrypt work for me? (Multiple servers serving one domain)

Not a good solution. You must allow root-based access from one server to another. You can use an SSH key, but it’s also not a very secure solution.

For you, perhaps.

Then use a different user.

How so?

Anyway, this user should have sudo permissions to

  • write to the directory with certificates in /etc (or a symlink)
  • restart nginx

Currently the really best choice is to upload certificates to the home directory of this user, from which there will be symlinks to /etc/, and to set up something like an inotify daemon to reload nginx when these files are changed.

Another solution is sshfs for certificates but the issue with the nginx restart/reload remains open.

An ssh key in authorized_keys can also restrict which commands a user authenticated through that key is allowed to run (maybe that was what you were referring to with “You can use SSH key, but it’s also not a very secure solution”).
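Concretely, the restriction described above is done with a forced command in `authorized_keys`; the wrapper below is an added example, not code from the thread, and the `deploy` user, `CERT_DIR`, the wrapper path and the single `sudo` reload rule are assumptions. The key can then only upload the two fixed certificate files into the user's home directory (the location the earlier reply suggests symlinking from /etc) and trigger a reload; any other command is refused.

```shell
#!/bin/sh
# Forced-command wrapper for a deploy-only SSH key (added example; paths are assumptions).
# Install on each web server in ~deploy/.ssh/authorized_keys as one line:
#   command="/usr/local/bin/cert-deploy-wrapper",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA... certsync
# sshd then ignores what the client asked for and runs this script, passing the
# client's request in $SSH_ORIGINAL_COMMAND.

CERT_DIR="${CERT_DIR:-/home/deploy/certs}"                 # symlinked from /etc/nginx (assumption)
RELOAD_CMD="${RELOAD_CMD:-sudo -n systemctl reload nginx}"  # the only sudo rule this user needs

# Allow-list check: only these exact strings are accepted, so the client can
# never choose a file name (no path traversal) or append extra shell syntax.
allowed() {
    case "$1" in
        "put fullchain.pem"|"put privkey.pem"|"reload") return 0 ;;
        *) return 1 ;;
    esac
}

# Execute an allowed request. Returns 0 on success, 1 if refused or failed.
dispatch() {
    allowed "$1" || { echo "refused: $1" >&2; return 1; }
    case "$1" in
        put\ *)
            name="${1#put }"
            tmp="$CERT_DIR/.$name.tmp"
            # Write the upload (stdin) to a temp file with owner-only permissions, then
            # rename atomically so nginx never reads a half-written certificate or key.
            ( umask 077 && cat > "$tmp" ) && mv -f "$tmp" "$CERT_DIR/$name"
            ;;
        reload)
            $RELOAD_CMD
            ;;
    esac
}

# Only act when invoked by sshd as a forced command; sourcing the file does nothing.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    dispatch "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```

The sending side then runs `ssh -i certsync_key deploy@web1 "put fullchain.pem" < fullchain.pem` followed by `ssh -i certsync_key deploy@web1 reload`; the matching sudoers entry needs only `deploy ALL=(root) NOPASSWD: /bin/systemctl reload nginx`.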
