
Obtain letsencrypt certificate for domain with multiple IPs

This is a workaround for the case where a single domain, example.com, points to two or more servers, i.e. has multiple A records with different IPs.

The HTTP-01 validation requests need to be redirected to a separate subdomain that points to a single server IP. Example in nginx (this block goes on every server that example.com resolves to):

server {
    server_name example.com;
 
    listen 80;
    # when one domain is pointing to multiple IPs we need to redirect to domain
    # with single IP since LE can't handle multiple IPs correctly
 
    location /.well-known {
      return 301 http://letsencrypt.example.com$request_uri;
    }
}

Config on the “primary” server, the one that letsencrypt.example.com resolves to:

server {
    server_name letsencrypt.example.com;
    listen 80;
 
    # serve the challenge files that the ACME client writes into its webroot,
    # i.e. run the client with webroot /var/www/le
    location /.well-known {
        alias /var/www/le/.well-known;
    }
}

Now when fetching the certificate for example.com, the Let's Encrypt validation server should follow the 301 to letsencrypt.example.com and find the challenge file there.

Then you can set up something like rsync to copy the issued certificate and key from the primary server to the other servers, since with DNS load balancing each of them must serve the same certificate.

The two domains above do not have to point to the same IP (server).
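A pre-flight check for this setup, added here as an example and not part of the original page: every IP that example.com resolves to must answer a challenge request with a redirect to letsencrypt.example.com that keeps the token path, otherwise the validation server may land on an IP that serves nothing. The sample IPs, the token value and the `fake` responder in the usage are constructed; `check_challenge_redirect` and `http_fetch` are hypothetical helper names.

```python
"""Check that every IP behind a multi-IP domain redirects ACME HTTP-01
challenge requests to the single-IP validation host."""
import http.client
import socket
from typing import Callable, Dict, Iterable, Optional, Tuple

# fetch(ip, host, path) -> (status, Location header); injectable so the
# logic can be exercised against a constructed responder without a network
Fetcher = Callable[[str, str, str], Tuple[int, str]]

REDIRECT_CODES = (301, 302, 307, 308)


def http_fetch(ip: str, host: str, path: str) -> Tuple[int, str]:
    """Plain HTTP GET sent to one IP with an explicit Host header.
    Redirects are NOT followed: we want to inspect the first answer."""
    conn = http.client.HTTPConnection(ip, 80, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location", "")
    finally:
        conn.close()


def check_challenge_redirect(ips: Iterable[str], domain: str, challenge_host: str,
                             token: str, fetch: Fetcher = http_fetch) -> Dict[str, Optional[str]]:
    """Return {ip: None} for a correct redirect, {ip: reason} otherwise."""
    path = f"/.well-known/acme-challenge/{token}"
    expected = f"http://{challenge_host}{path}"  # $request_uri must be preserved
    results: Dict[str, Optional[str]] = {}
    for ip in ips:
        try:
            status, location = fetch(ip, domain, path)
        except (OSError, http.client.HTTPException) as exc:
            results[ip] = f"request failed: {exc}"
            continue
        if status not in REDIRECT_CODES:
            results[ip] = f"expected redirect, got HTTP {status}"
        elif location != expected:
            results[ip] = f"redirect target {location!r} != {expected!r}"
        else:
            results[ip] = None
    return results


def resolve_ips(domain: str) -> list:
    """All A/AAAA addresses the domain currently resolves to."""
    infos = socket.getaddrinfo(domain, 80, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})
```

Run it as `check_challenge_redirect(resolve_ips("example.com"), "example.com", "letsencrypt.example.com", "preflight")` from each location you care about; any entry that is not `None` names the server whose nginx block is missing or wrong.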

Tested on

  • nginx/1.23.3


wiki/obtain_letsencrypt_certificate_domain_multiple_ips.txt · Last modified: 2023/03/20 13:32 by antisa

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal