lua-resty-auto-ssl icon indicating copy to clipboard operation
lua-resty-auto-ssl copied to clipboard
verified publisher icon auto-ssl

Is it possible to point 2 instances of openresty to the same redis instance and share certs?

Open MemoryLeak55 opened this issue 4 years ago • 3 comments

Hi

I would like to know if it is possible to share certs using the redis adapter by pointing 2 instances of openresty to the same redis.

My current situation is that I have 2 points of ingress both with openresty, and all the domains have double A records to both these instances. Using the file based certs do not work when you have double A records as often lets encrypt will select the wrong A record to do the challenge with, and go to the wrong openresty which of course is not expecting a challenge and fail, and this quickly hits rate limits.

Is there a reason that two instances cannot share certs via redis?

MemoryLeak55 avatar May 19 '21 09:05 MemoryLeak55

Yes. You can host multiple openresty instances on one redis instance/cluster. That’s kinda the whole purpose of the redis backend.

gjongenelen avatar May 19 '21 22:05 gjongenelen

Hi! @gjongenelen

Can I configure different accounts in these instances?

luishscosta avatar May 28 '21 02:05 luishscosta

You don’t configure an account on your instance. I think you mean the email-address being used while requesting certificates. In that case: no, AFAIK you can only set 1 mail-address per instance. You could set different emails on different instances (don’t know why you would want this) but the certificates will be registered with the email configured on the requesting instance. https://github.com/auto-ssl/lua-resty-auto-ssl#advanced-lets-encrypt-configuration

gjongenelen avatar May 29 '21 11:05 gjongenelen