{{tag>letsencrypt ssl nginx}}
====== Obtain letsencrypt certificate for domain with multiple IPs ======
This is a workaround when you have a single domain example.com pointing to 2 or more servers i.e. IPs.
You need to redirect the letsencrypt validation to a different subdomain which points to a single server IP. Example in nginx:
server {
server_name example.com;
listen 80;
# when one domain is pointing to multiple IPs we need to redirect to domain
# with single IP since LE can't handle multiple IPs correctly
location /.well-known {
return 301 http://letsencrypt.example.com$request_uri;
}
}
Config from "primary" server:
server {
server_name letsencrypt.example.com;
listen 80;
location /.well-known {
alias /var/www/le/.well-known;
}
}
Now when fetching the certificates for example.com, LE should follow the redirect to letsencrypt.example.com.
Then you can setup something like rsync to copy the certs from the primary server to other servers if there is something like DNS load balancing.
Both above domains don't have to point to the same IP (server)
====== Tested on ======
* nginx/1.23.3
====== See also ======
* [[wiki:letsencrypt_certificate_via_dns_authentication|Letsencrypt certificate via DNS authentication]]
* [[wiki:lets_encrypt_nginx_reverse_proxy|Lets Encrypt with an nginx reverse proxy]]
====== References ======
* https://allanjohn909.medium.com/letsencrypt-multiple-ip-address-one-domain-4fd95afa176f
* https://community.letsencrypt.org/t/one-hostname-multiple-ips/104301/2
* [[https://easyengine.io/wordpress-nginx/tutorials/ssl/multidomain-ssl-subject-alternative-names/|Multiple domains in Subject Alternative Domain field]]