Hello, System: Debian 9.4, ISPConfig: 3.1.11. I'm installing a mirror server of the main server, with rsync for files and MySQL replication for websites. I'm wondering how to deal with the Let's Encrypt certificate for the website. If I check "Let's Encrypt", a new certificate will be generated, so I will have different certificates on the production server and the backup server. Will both certificates remain valid? Thanks in advance for your reply, François
It all depends on the DNS setup. Let's Encrypt will work nicely and renew without problems on the server that the DNS zone points to. Let's Encrypt will get "renewal failed" when it tries to check the specific domain against the A record in DNS. If it doesn't find a match, it won't renew the cert, and after a month (the renewal process starts a month before cert expiration) the cert will expire.
Hi, thanks. There will not be another DNS entry, as this box should work only in case of disaster on the main server. I can copy the certificates by rsync too; what I'm wondering is whether, if new certificates are issued on the backup server, the certificates on the prod server will stay valid. But I guess Let's Encrypt does not invalidate certificates except when out of time... Best regards
If the LE certs have expired, they will no longer be valid. You will need an incron script to detect changes in the LE folder and resync them to your backup server. You can read this incron tutorial to understand how to do it: https://www.howtoforge.com/tutorial...irectory-changes-with-incron-on-ubuntu-16-04/ This is what I did in my guide as well: https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/
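The incron-triggered resync described in the post above, sketched as an added example that is not from this thread or the linked guides. The incrontab line, the script path, the host name `serverb.example.com`, the lock path and the settle time are assumptions.

```shell
#!/bin/bash
# Added example: push Let's Encrypt files to the backup server when incron
# reports a renewal. Assumed incrontab line on the main server (incron does
# not recurse, so one line per certificate directory):
#   /etc/letsencrypt/archive/example.com IN_CLOSE_WRITE /usr/local/bin/le-sync.sh $#
# Script path, host name and timings below are placeholders.
LE_DIR="${LE_DIR:-/etc/letsencrypt}"
BACKUP="${BACKUP:-root@serverb.example.com}"
LOCK="${LOCK:-/run/le-sync.lock}"
SETTLE="${SETTLE:-15}"   # seconds to let the renewal finish writing

# Only certificate material triggers a sync ($# from incron = file name).
is_cert_event() {
    case "$1" in
        cert*.pem|chain*.pem|fullchain*.pem|privkey*.pem) return 0 ;;
        *) return 1 ;;
    esac
}

# A renewal writes several files, so incron starts this script several times.
# mkdir is atomic: the first instance wins, the others exit without syncing.
acquire_lock() { mkdir "$LOCK" 2>/dev/null; }
release_lock() { rmdir "$LOCK" 2>/dev/null || true; }

sync_le() {
    # -a keeps the live/ -> archive/ symlinks and the file modes set on
    # privkey*.pem; --delete drops certificates removed on the main server.
    rsync -a --delete -e ssh "$LE_DIR/" "$BACKUP:$LE_DIR/"
}

if [ "$#" -ge 1 ]; then
    is_cert_event "$1" || exit 0
    acquire_lock || exit 0
    trap release_lock EXIT
    sleep "$SETTLE"
    sync_le || { logger -t le-sync "sync to $BACKUP failed"; exit 1; }
fi
```

The web server on the backup still has to be reloaded before it serves the newly copied certificate files.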
Thanks, good guide by the way. Server A -> Production website 'example.com' with a valid certificate until May 15 2018, for example. I set up Server B. Server B -> Live backup of the website. I create a certificate on Server B for the website backup: will that invalidate my certificate on Server A for my website? Server B will not be online unless Server A is destroyed. There will not be an entry for 'example.com' on Server B in DNS, as we use a failover IP. By the way, will Let's Encrypt be able to create the certificate? I guess not.
If I were you, I would create the server B FQDN as an aliasdomain to server A, as in my extended guide for multi-server setup (which includes basic backup / cluster server setup). There I have shown a way to create LE SSL certs for another server as an aliasdomain to the main server, and how they can be automatically updated and copied upon their updates (which is basically extending the original incron script). If the main server fails and the backup server is to replace it, all LE SSL certs for the second server will remain valid within their 90-day period, and you can use that time to reconfigure their renewal from this replacement server further on. About the main server FQDN that is not made available in the backup server DNS zone, I think that a backup server should contain everything important / necessary from the main server. That being said, I do think it is possible to create a backup server FQDN website and have its LE SSL certs on its own, but you will have to explore ways to do it if that is your preference and weigh their pros and cons.
Hello, thanks a lot. It seems that all is working fine, the new server is OK, and I've seen that LE certificates are not IP related, so I think it will not be an issue anyway. Best regards