Generate or renew letsencrypt certbot certificate for load balanced nginx server on Digital Ocean
Solution 1:
As pointed out by @ceejayoz:

"This sort of situation is why Let's Encrypt supports DNS-based challenge/auth"

You should use the DNS feature of certbot. This will require that you add a new TXT record to the DNS records that certbot will then validate against. This removes the necessity to send HTTP requests to the load-balanced machines.

Alternatively, you can set up the same challenge on all LB systems so that no matter which host the certbot client checks against, it gets the challenge back. This obviously won't work if you're having certbot do standalone mode.
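The second alternative above (publishing the same http-01 challenge on every load-balanced node) can be scripted as a certbot manual auth/cleanup hook. The script below is an added example for this page, not certbot's own code nor code from the answer's author. It assumes each backend's web root is visible from the host running certbot as a local directory (for example an NFS mount or a path that a sync job pushes out); the paths in BACKEND_WEBROOTS are constructed placeholders. The environment variables CERTBOT_TOKEN and CERTBOT_VALIDATION are the ones certbot exports to --manual-auth-hook scripts for http-01. The pre-flight check reads the file back from every web root so a stale or missing copy on one node is caught before the CA is asked to validate.

```python
#!/usr/bin/env python3
"""Hypothetical certbot manual hook for http-01 behind a load balancer.

Added example, not certbot's code. Assumes every backend's web root is
reachable as a local directory; BACKEND_WEBROOTS below are constructed.
Usage (both hooks point at this file):
  certbot certonly --manual --preferred-challenges http \
      --manual-auth-hook "lb_challenge.py auth" \
      --manual-cleanup-hook "lb_challenge.py cleanup" -d example.com
"""
import os
import re
import sys
import tempfile
from pathlib import Path

# Constructed example paths: each load-balanced backend's web root as seen here.
BACKEND_WEBROOTS = [
    "/srv/lb-node-1/www",
    "/srv/lb-node-2/www",
    "/srv/lb-node-3/www",
]

# ACME http-01 fetches http://<domain>/.well-known/acme-challenge/<token>
CHALLENGE_DIR = ".well-known/acme-challenge"

# ACME tokens are base64url; refusing anything else blocks path traversal
# if the hook is ever fed an untrusted token.
_TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def is_valid_token(token):
    return bool(token) and _TOKEN_RE.match(token) is not None


def challenge_path(webroot, token):
    """Filesystem path of the challenge file under one backend's web root."""
    if not is_valid_token(token):
        raise ValueError("refusing non-base64url token: %r" % token)
    return Path(webroot) / CHALLENGE_DIR / token


def publish_challenge(webroots, token, validation):
    """Write the key authorization to every backend so any node the CA hits answers."""
    written = []
    for root in webroots:
        path = challenge_path(root, token)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(validation)
        written.append(str(path))
    return written


def verify_consistent(webroots, token, validation):
    """Pre-flight: return the web roots that do NOT serve the expected string."""
    bad = []
    for root in webroots:
        path = challenge_path(root, token)
        try:
            body = path.read_text()
        except FileNotFoundError:
            bad.append(root)
            continue
        if body.strip() != validation:
            bad.append(root)
    return bad


def cleanup_challenge(webroots, token):
    """Remove the challenge file from every backend; returns how many were removed."""
    removed = 0
    for root in webroots:
        path = challenge_path(root, token)
        if path.exists():
            path.unlink()
            removed += 1
    return removed


def make_temp_webroots(count):
    """Helper for local dry runs: create `count` throwaway web roots."""
    base = tempfile.mkdtemp(prefix="lb-webroot-")
    return [str(Path(base) / ("node-%d" % i)) for i in range(count)]


def main(argv):
    action = argv[1] if len(argv) > 1 else "auth"
    token = os.environ["CERTBOT_TOKEN"]
    if action == "cleanup":
        cleanup_challenge(BACKEND_WEBROOTS, token)
        return 0
    validation = os.environ["CERTBOT_VALIDATION"]
    publish_challenge(BACKEND_WEBROOTS, token, validation)
    bad = verify_consistent(BACKEND_WEBROOTS, token, validation)
    if bad:
        # Fail the hook so certbot aborts instead of the CA hitting a node that
        # cannot answer; the load balancer would otherwise make this a coin flip.
        print("challenge not consistent on: %s" % ", ".join(bad), file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Returning non-zero from the auth hook when any node disagrees is the important part: with a round-robin balancer, a single node missing the file makes validation succeed or fail at random, which is exactly the behaviour the answer warns about. For the DNS alternative this hook is unnecessary; the certbot-dns-digitalocean plugin (--dns-digitalocean with a credentials file) creates the TXT record itself.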