On Wed, May 19, 2021 at 07:45:17PM -0400, post...@ptld.com wrote:

> > Letsencrypt will connect to the "submission" but request would go to
> > the "backend"
>
> Which "backend"? Okay, say I set up port 443 for certbot to use for
> verification on haproxy to proxy to the backend servers.

The only one that's actually up and running, since certbot runs its own embedded web server. Alternatively, always the same one, responsible for key rotation. Or with DNS challenges, any one of them that's able to cause a record to be inserted in the zone via "nsupdate" or similar.

-- 
    Viktor.
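
Added example, not part of the original message: a sketch of the DNS-challenge option mentioned above, written as a single script for certbot's --manual-auth-hook and --manual-cleanup-hook that publishes and removes the _acme-challenge TXT record with nsupdate. The server name, TSIG key path, TTL and the HOOK_ACTION switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: certbot manual hook for DNS-01 using nsupdate (RFC 2136).
# certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to manual hooks.
# Assumed, not from the thread: DNS_SERVER, TSIG_KEYFILE, TTL, HOOK_ACTION.

DNS_SERVER="${DNS_SERVER:-ns1.example.net}"                # assumed update target
TSIG_KEYFILE="${TSIG_KEYFILE:-/etc/letsencrypt/tsig.key}"  # assumed key path
TTL="${TTL:-60}"

# Print the nsupdate batch that adds or deletes the challenge record.
challenge_batch() {
    action="$1"
    domain="$2"
    token="$3"
    # DNS-01 for *.example.com is validated at _acme-challenge.example.com
    base=${domain#\*.}
    name="_acme-challenge.$base."
    printf 'server %s\n' "$DNS_SERVER"
    case "$action" in
        add)    printf 'update add %s %s TXT "%s"\n' "$name" "$TTL" "$token" ;;
        delete) printf 'update delete %s TXT "%s"\n' "$name" "$token" ;;
        *)      echo "unknown action: $action" >&2; return 2 ;;
    esac
    printf 'send\n'
}

# Accept only base64url characters, so the value cannot smuggle
# extra nsupdate commands into the batch.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

run_hook() {
    valid_token "$CERTBOT_VALIDATION" || { echo "bad validation token" >&2; return 1; }
    challenge_batch "$1" "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION" |
        nsupdate -k "$TSIG_KEYFILE"
}

# Only talk to the DNS server when called as a hook: HOOK_ACTION=add|delete
if [ -n "${HOOK_ACTION:-}" ]; then
    run_hook "$HOOK_ACTION"
fi
```

Every backend that runs this holds a key that can write to the zone, so the DNS server's update policy should restrict that key to the _acme-challenge TXT names.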