{{tag>letsencrypt ssl nginx}}

====== Obtain letsencrypt certificate for domain with multiple IPs ======
This is a workaround when you have a single domain example.com pointing to 2 or more servers i.e. IPs.

You need to redirect the letsencrypt validation to a different subdomain which points to a single server IP. Example in nginx:

<code nginx>
server {
    server_name example.com;

    listen 80;
    # when one domain is pointing to multiple IPs we need to redirect to domain
    # with single IP since LE can't handle multiple IPs correctly

    location /.well-known {
      return 301 http://letsencrypt.example.com$request_uri;
    }
}

</code>

Config from "primary" server:
<code nginx>
server {
    server_name letsencrypt.example.com;
    listen 80;

    location /.well-known {
        alias /var/www/le/.well-known;
    }
}
</code>

Now when fetching the certificates for example.com, LE should follow the redirect to letsencrypt.example.com.

Then you can setup something like rsync to copy the certs from the primary server to other servers if there is something like DNS load balancing.

<WRAP center round help 60%>
Both above domains don't have to point to the same IP (server)
</WRAP>

====== Tested on ======
  * nginx/1.23.3

====== See also ======
  * [[wiki:letsencrypt_certificate_via_dns_authentication|Letsencrypt certificate via DNS authentication]]
  * [[wiki:lets_encrypt_nginx_reverse_proxy|Lets Encrypt with an nginx reverse proxy]]

====== References ======
  * https://allanjohn909.medium.com/letsencrypt-multiple-ip-address-one-domain-4fd95afa176f
  * https://community.letsencrypt.org/t/one-hostname-multiple-ips/104301/2
  * [[https://easyengine.io/wordpress-nginx/tutorials/ssl/multidomain-ssl-subject-alternative-names/|Multiple domains in Subject Alternative Domain field]]