On Wed, May 19, 2021 at 07:45:17PM -0400, post...@ptld.com wrote:
> > Letsencrypt will connect to the "submission" but request would go to
> > the "backend"
>
> Which "backend"? Okay, say i setup port 443 for certbot to use for
> verification on haproxy to proxy to the backend servers.
The only one that's actually up and running, since certbot runs its own
embedded web server. Alternatively, always the same one, responsible
for key rotation. Or with DNS challenges, any one of them that's able
to cause a record to be inserted in the zone via "nsupdate" or similar.
--
Viktor.
