
short SSL question

Posted: Wed Sep 01, 2021 4:12 pm
by CrazyCat
Hi there,

My network has 3 servers (, and and a dns RR (

If I want to use a letsencrypt certificate, must I generate a certificate for each server or only the ?
And a follow-up question: if I can use only one certificate, how do I handle the renewal, as letsencrypt will try an HTTP challenge but I don't know which server it will go to? Must I enable the on each webserver?

I can manage the automatic replication of the newest certificate to the other servers; this is not a problem :)

Re: short SSL question

Posted: Sat Sep 04, 2021 6:42 am
by k4be
I suggest using a wildcard certificate (*, it'll serve all your subdomains (except the top one,, you probably need a separate certificate for it).
Use DNS challenge so you can run the letsencrypt client on your DNS master. To generate a standard one-domain cert ( you can use DNS challenge too.
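
The wildcard coverage rule mentioned in the reply above, as an added example that is not part of the original post: it checks which hostnames a certificate's SAN list covers, using the matching rule TLS clients apply (the `*` stands for exactly one left-most label). All `example.net` names are constructed placeholders, and the function names are hypothetical.

```python
# Added example. Hostnames below are constructed placeholders, not from the thread.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate SAN entry covers hostname.

    Wildcard handling follows the rule TLS clients use (RFC 6125):
    '*' is honoured only as the whole left-most label and stands for
    exactly one label, so it never matches the bare parent domain
    or a deeper sub-subdomain.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Conservative choice: require at least "*.domain.tld";
        # the remaining labels must match literally.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(sans, hostnames):
    """List the hostnames that no SAN entry covers."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


# Constructed layout: a round-robin name, three servers, and the top domain.
NETWORK = [
    "irc.example.net",
    "srv1.example.net",
    "srv2.example.net",
    "srv3.example.net",
    "example.net",
]

if __name__ == "__main__":
    for sans in (["*.example.net"], ["*.example.net", "example.net"]):
        print(sans, "-> not covered:", uncovered(sans, NETWORK))
```
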

Re: short SSL question

Posted: Fri Sep 10, 2021 12:55 pm
by CrazyCat
Thanks for the answer.
I got the same on IRC, and I now know that we can have wildcard certs with the DNS challenge; my trouble is now solved.

The certificates are generated on the "main" server (the server with the network website) and propagated once a week to the others using scp; everything is OK now.