| ▲ | abcdefg12 2 days ago |
| And you have two or more servers serving this domain you’re out of luck |
|
| ▲ | lmz 2 days ago | parent | next [-] |
| And this is different from DNS how exactly? The key and resulting cert still need to be distributed among your servers no matter which method is used. |
| |
| ▲ | cpach 2 days ago | parent [-] |
| With dns-01, multiple servers could, independently of each other, fetch a certificate for the same set of hostnames. Not sure if it’s a good idea though. |
|
| ▲ | lmz a day ago | parent [-] |
| Multiple keys and certs for the same hostname? Will the CA even issue that? |
|
| ▲ | cpach a day ago | parent [-] |
| I guess it depends on the CA, but some do. Let’s Encrypt does, for example. I guess it’s useful for HA deployments, where load balancers might be spread out across multiple datacenters and stuff like that. NB that rate limits apply: https://letsencrypt.org/docs/rate-limits/ |
|
| ▲ | account42 2 days ago | parent | prev [-] |
| Not really, just forward .well-known/acme-challenge/* requests to a single server or otherwise make sure that the challenge responses are served from all instances. |
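
The forwarding approach from the last comment, as an added nginx example that is not part of the thread: every front-end instance proxies only the challenge path to the one host that runs the ACME client, so validation succeeds whichever instance the CA reaches. The names `example.com` and `acme-issuer.internal` and the port are placeholders.

```nginx
# Constructed example. Deploy the same server block on every instance
# that answers port 80 for the domain.

upstream acme_issuer {
    # Placeholder: the single internal host that runs the ACME client
    # and serves the challenge files it writes.
    server acme-issuer.internal:8080;
}

server {
    listen 80;
    server_name example.com;

    # Forward http-01 challenge lookups only. "^~" stops nginx from
    # letting a regex location elsewhere in the config capture this path.
    location ^~ /.well-known/acme-challenge/ {
        # Validation only reads a file, so refuse anything but GET/HEAD.
        limit_except GET { deny all; }

        # No URI part on proxy_pass: the original request path is passed
        # through unchanged, so the issuer sees the same token path.
        proxy_pass http://acme_issuer;
        proxy_set_header Host $host;
    }

    # Everything else on port 80 goes to HTTPS and is never proxied
    # to the issuer host.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

The issued key and certificate still have to be copied from the issuer host to each instance, as noted earlier in the thread.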