On 05-19-2021 6:44 pm, IL Ka wrote:
So, each backend can have it's own certificate, but for the same DNS name (haproxy.example.com), right?

No. certbot will try to connect the server you are issuing the certificate for using the domain name you want the cert for. If the DNS (haproxy.example.com) goes to the load balancer then certbot never gets the test reply and cert creation fails.


I didn't know that letsencrypt could issue a new certificate without revoking the old one.

You can renew, amend, add to, remove domains from an already issued certificate without revoking it first. Certbot will just "overwrite" the existing certificate. That is why in the certbot command you supply the certificate name as its stored on that server.

Reply via email to