LE SSL Renewal in Load balancing envirement

Discussion in 'Installation/Configuration' started by skysky, Nov 18, 2018.

  1. skysky

    skysky Member


    I have two virtual servers behind a load balancer. both server running the same ISPconfig server setup (I cloned it).
    How LE SSL auto Renewal work in Load balancing envirement? I mean will two ISPconfig servers try to renew the same domain, then create issues?

    all domains A record is pointing to the load balancer IP.
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    How do you keep those servers in sync? In general you just need to have a shared filesystem for /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/ (or up to 2 directories up the hierarchy) and for /etc/letsencrypt/.
    I have no experience here, but I would guess they might both try, and at about the same time, so you may have some overlap. If one requests finishes quickly, before the other runs, the second one should just determine that a renewal is not needed. Assuming the requests overlap, I can only speculate as to what would happen; definitely make sure you have functioning file locking on your shared filesystem.
  3. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I remember using unison for ISPConfig cluster servers but yours are cloned so, I am not so sure whether the same can be used.

Share This Page