This is a workaround when you have a single domain example.com pointing to 2 or more servers i.e. IPs.

You need to redirect the letsencrypt validation to a different subdomain which points to a single server IP. Example in nginx:

server {
    server_name example.com;
 
    listen 80;
    # when one domain is pointing to multiple IPs we need to redirect to domain
    # with single IP since LE can't handle multiple IPs correctly
 
    location /.well-known {
      return 301 http://letsencrypt.example.com$request_uri;
    }
}
 
server {
    server_name letsencrypt.example.com;
    listen 80;
 
    location /.well-known {
        alias /var/www/le/.well-known;
    }
}

letsencrypt.example.com 86400 A 10.10.10.10
letsencrypt.example.com 86400 A 10.10.10.20

Now when fetching the certificates for example.com, LE should follow the redirect to letsencrypt.example.com.

Then you can setup something like rsync to copy the certs from the primary server to other servers if there is something like DNS load balancing.

• nginx/1.23.3

• Letsencrypt certificate via DNS authentication
• Lets Encrypt with an nginx reverse proxy
• Multiple domains in Subject Alternative Domain field

• https://allanjohn909.medium.com/letsencrypt-multiple-ip-address-one-domain-4fd95afa176f
• https://community.letsencrypt.org/t/one-hostname-multiple-ips/104301/2