On 05-19-2021 7:32 pm, IL Ka wrote:
> I believe here is an answer:
> Viktor:
> > No, you just have to also proxy port 443 as well as 587, and then Let's
> > Encrypt will issue a certificate for submission.example.com
> > to (one of the) underlying servers.
> Let's Encrypt will connect to the "submission" but the request would go to
> the "backend"

Which "backend"? Okay, say I set up port 443 for certbot to use for
verification on haproxy to proxy to the backend servers.
Backend_1 server tries to renew its certificate. Certbot tries to answer
using the domain name, which resolves to the haproxy server, who then
proxies the answer to... backend_2 or backend_3. It's load balancing. How
is that going to work?