On 05-19-2021 7:32 pm, IL Ka wrote:

I believe here is an answer:

Viktor:
No, you just have to also proxy port 443 as well as 587, and then Let's Encrypt will issue a certificate for submission.example.com to (one of the) underlying servers.

Let's Encrypt will connect to the "submission", but the request would go to the "backend".

Which "backend"? Okay, say I set up port 443 for certbot to use for verification on haproxy to proxy to the backend servers.

Backend_1 server tries to renew its certificate. Certbot tries to answer using the domain name, which resolves to the haproxy server, who then proxies the answer to... backend_2 or backend_3. It's load balancing. How is that going to work?
