I’m using certbot to auto-renew SSL certs every 3 months or so. It’s been fine and dandy for a few years. The problem arrived when I tried to introduce a load balancer and additional nodes.
Since I’m serving media files, I cannot proxy through CloudFlare and use an Origin CA certification, which would make this a lot easier.
With that being said, what are some ways I can get this working? The original server will be part of the cluster, so should I just let it auto-renew SSL certs and call it the master node, and have the other 3 servers rsync the certs over with a cron job or something? My problem is that I’m afraid the auto-renew process will fail, as the challenge might be distributed to a different node rather than the master node (or is my assumption flawed here)?
Any insights on how to approach this would be very helpful!
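One way to implement the "master node renews, the other nodes copy" idea from the post, as an added example that is not part of the original thread: a certbot deploy hook that pushes the renewed lineage to each peer, verifies the certificate fingerprint on the peer, and only then reloads nginx there. It assumes the peer hostnames below, a dedicated `certsync` account on the peers (owning the target directory, with an ssh key restricted to this job and a sudo rule for the nginx reload), and that renewal itself succeeds on this node, which requires the challenge to reach it (the balancer routing /.well-known/acme-challenge/ to this node, or a DNS-01 challenge, which does not depend on which node answers HTTP).

```shell
#!/bin/sh
# Added example (not from the post): certbot deploy hook for the "master" node.
# Invoke as: certbot renew --deploy-hook /usr/local/sbin/push-certs.sh
# certbot exports RENEWED_LINEAGE (the live/<domain> directory) when it runs the hook.
set -eu

PEERS="${PEERS:-node2.example.internal node3.example.internal node4.example.internal}"  # assumed names
REMOTE_DIR="${REMOTE_DIR:-/etc/ssl/lb}"      # where the peers' nginx config points
SSH_USER="${SSH_USER:-certsync}"             # assumed dedicated, non-root account on the peers

# rsync destination for one peer (kept separate so it can be checked without ssh).
peer_target() {
    printf '%s@%s:%s/' "$SSH_USER" "$1" "$REMOTE_DIR"
}

# SHA-256 fingerprint of a certificate; used to confirm every peer got the same file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

push_to_peer() {
    lineage="$1"; peer="$2"
    # The private key lands with mode 0600 in a 0700 directory, never somewhere world-readable.
    rsync -a --chmod=F0600,D0700 -e ssh \
        "$lineage/fullchain.pem" "$lineage/privkey.pem" "$(peer_target "$peer")"
    want="$(cert_fingerprint "$lineage/fullchain.pem")"
    got="$(ssh "$SSH_USER@$peer" \
        "openssl x509 -in $REMOTE_DIR/fullchain.pem -noout -fingerprint -sha256 | cut -d= -f2")"
    if [ "$got" != "$want" ]; then
        echo "fingerprint mismatch on $peer: got $got, want $want" >&2
        return 1
    fi
    # Reload only after the copy is verified; a failed config test leaves the old cert serving.
    ssh "$SSH_USER@$peer" 'sudo nginx -t && sudo systemctl reload nginx'
}

# Act only when certbot actually renewed something (RENEWED_LINEAGE is set by certbot).
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    for peer in $PEERS; do
        push_to_peer "$RENEWED_LINEAGE" "$peer"
    done
fi
```

Because the hook runs per renewal rather than on a timer, the peers never serve a stale cert between cron ticks, and a mismatch on any peer stops the run with a non-zero status that certbot reports.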