Generate or renew letsencrypt certbot certificate for load balanced nginx server on Digital Ocean

Solution 1:

As pointed out by @ceejayoz

This sort of situation is why Let's Encrypt supports DNS-based challenge/auth

You should use the DNS feature of certbot. This will require that you add a new TXT record to the DNS records that certbot will then validate against. This removes the necessity to send HTTP requests to the load-balanced machines.

Alternatively, you can set up the same challenge on all LB systems so that no matter which host the certbot client checks against, it gets the challenge back. This obviously won't work if you're having certbot do standalone mode.
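To make the two options above concrete, here is an added example (not code from the answer above or from certbot) that derives the values the CA expects for each challenge type as specified in RFC 8555: the `_acme-challenge` TXT value for DNS-01 (base64url of SHA-256 over the key authorization) and the response body every load-balanced backend must serve for HTTP-01 (the key authorization itself). The token, account-key thumbprint and backend responses are constructed sample values; in practice certbot supplies the token and derives the thumbprint from your ACME account key.

```python
import base64
import hashlib

# Constructed sample values for illustration only; not real ACME data.
SAMPLE_TOKEN = "constructed-token-Zm9vYmFyLWV4YW1wbGU"
SAMPLE_THUMBPRINT = "constructed-account-key-thumbprint-0123456789"


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME requires (RFC 8555 / RFC 4648 s5)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def key_authorization(token: str, thumbprint: str) -> str:
    """Key authorization = token '.' JWK thumbprint of the account key (RFC 8555 s8.1)."""
    return f"{token}.{thumbprint}"


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """TXT record value for DNS-01: base64url(SHA-256(key authorization)) (RFC 8555 s8.4)."""
    digest = hashlib.sha256(key_authorization(token, thumbprint).encode("ascii")).digest()
    return b64url(digest)


def dns01_record(domain: str, token: str, thumbprint: str) -> tuple[str, str]:
    """Return (record name, TXT value) you would publish for the DNS-based challenge."""
    return f"_acme-challenge.{domain}", dns01_txt_value(token, thumbprint)


def http01_response(token: str, thumbprint: str) -> tuple[str, str]:
    """Return (URL path, body) every backend behind the LB must serve for HTTP-01 (RFC 8555 s8.3)."""
    return f"/.well-known/acme-challenge/{token}", key_authorization(token, thumbprint)


def all_backends_consistent(responses: dict[str, str], token: str, thumbprint: str) -> bool:
    """Pre-flight check for the 'same challenge on all LB systems' approach.

    `responses` maps backend name -> body it serves at the challenge path.
    The CA may land on any backend, so the request only succeeds reliably
    if every backend returns the expected key authorization.
    """
    expected = key_authorization(token, thumbprint)
    return all(body.strip() == expected for body in responses.values())


if __name__ == "__main__":
    name, value = dns01_record("example.com", SAMPLE_TOKEN, SAMPLE_THUMBPRINT)
    print(f"DNS-01: publish TXT {name} -> {value}")

    path, body = http01_response(SAMPLE_TOKEN, SAMPLE_THUMBPRINT)
    print(f"HTTP-01: every backend must serve {path} with body {body}")

    # Constructed backend responses: one backend was not given the challenge file.
    constructed = {"web-1": body, "web-2": body, "web-3": "404 Not Found"}
    print("all backends consistent:", all_backends_consistent(constructed, SAMPLE_TOKEN, SAMPLE_THUMBPRINT))
```

The `all_backends_consistent` check captures why the DNS route is simpler for a load-balanced pool: with HTTP-01 a single backend missing the challenge file can fail validation depending on which node the CA reaches, whereas the DNS-01 TXT record is published once and is visible regardless of which web server answers.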