Hi there,
My network has 3 servers (a.network.com, b.network.com and c.network.com) and a dns RR (irc.network.com).
If I want to use a letsencrypt certificate, must I generate a certificate for each server or only the irc.network.com ?
And subsequent question: if I can do only one certificate, how can I do for the renewal, as letsencrypt will try an http challenge but I don't know on which server it will go ? Must I enable the irc.network.com on each webserver ?
I can manage the automatic replication of the newest certificate on others servers, this is not a problem
short SSL question
Moderator: Supporters
Re: short SSL question
I suggest using a wildcard certificate (*.example.com), it'll serve all your subdomains (except the top one, example.com, you probably need a separate certificate for it).
Use DNS challenge so you can run the letsencrypt client on your DNS master. To generate a standard one-domain cert (irc.example.com) you can use DNS challenge too.
Use DNS challenge so you can run the letsencrypt client on your DNS master. To generate a standard one-domain cert (irc.example.com) you can use DNS challenge too.
Re: short SSL question
Thanks for the answer.
I get the same on IRC and I now know that we can have wildcard certs with the DNS challenge, my trouble is now solved.
The certificates are generated on the "main" server (the server with the network website) and propagated once a week to others using scp, everything is ok now.
I get the same on IRC and I now know that we can have wildcard certs with the DNS challenge, my trouble is now solved.
The certificates are generated on the "main" server (the server with the network website) and propagated once a week to others using scp, everything is ok now.