• 12

I have a bunch of EC2 nodes (serving HTTP) behind two HAProxy nodes (client-facing HTTPS). There are two A entries for my domain name, so clients send requests to both HAProxy nodes. Each new request goes to a different IP than the previous one.

With the dns-01 challenge, I can obtain an SSL certificate for my domain on both HAProxy nodes. As a result, there will be two independent SSL certificates on two servers, both for the same domain.

Is it generally a good idea? Are there any major downsides? Is it better to obtain one certificate and copy it between the haproxy nodes?

      • 1
    • While that's probably true, having just one certificate that's duplicated on all of the nodes would avoid any problem, and I don't see any reason not to do that.

You should switch to using ELB+HAProxy+Backends, with ELB doing SSL stripping, and use free certs from AWS Certificate Manager. It should be really easy to switch, with next to no performance impact, but with some cost impact.

In general, having multiple certificates for EXACTLY the same domain is not harmful, unless it's an EV or DV cert, but as you are using Let's Encrypt, that's not an issue. It's only a pain to take care of.

  • 0
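A per-node certificate check for the setup in the question, as an added example that is not part of the original thread: with round-robin DNS each HAProxy node serves its own certificate, so a failed renewal on one node only affects the requests that land on that IP. The function names, the 21-day threshold and the sample addresses and fingerprints are assumptions made for illustration.

```python
import hashlib
import socket
import ssl
import time

# Constructed sample data (documentation IPs, made-up fingerprints): node 2 is close to expiry.
SAMPLE_NOW = 1_700_000_000
SAMPLE_CERTS = {
    "192.0.2.10": ("aa" * 32, SAMPLE_NOW + 60 * 86400),
    "192.0.2.11": ("bb" * 32, SAMPLE_NOW + 5 * 86400),
}

def fetch_cert(ip, domain, port=443, timeout=5.0):
    """Connect to one node by IP with the domain as SNI; return (sha256 hex, notAfter epoch)."""
    ctx = ssl.create_default_context()  # validates the chain and the hostname
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=domain) as tls:
            der = tls.getpeercert(binary_form=True)
            not_after = ssl.cert_time_to_seconds(tls.getpeercert()["notAfter"])
    return hashlib.sha256(der).hexdigest(), not_after

def assess(certs, now, min_days=21):
    """certs maps node IP -> (fingerprint, notAfter epoch). Flags nodes close to expiry."""
    findings = []
    for ip, (fingerprint, not_after) in sorted(certs.items()):
        days_left = int((not_after - now) // 86400)
        if days_left < min_days:
            findings.append(f"{ip}: certificate {fingerprint[:16]} expires in {days_left} days")
    distinct = {fingerprint for fingerprint, _ in certs.values()}
    # More than one fingerprint means each node renews on its own schedule.
    return {"independent_certs": len(distinct) > 1, "findings": findings}

def check_domain(domain, min_days=21):
    """Resolve every A record and check each node separately instead of one random IP."""
    infos = socket.getaddrinfo(domain, 443, socket.AF_INET, socket.SOCK_STREAM)
    certs, errors = {}, []
    for ip in sorted({info[4][0] for info in infos}):
        try:
            certs[ip] = fetch_cert(ip, domain)
        except OSError as exc:  # includes ssl.SSLError, e.g. an already expired certificate
            errors.append(f"{ip}: TLS check failed: {exc}")
    report = assess(certs, time.time(), min_days)
    report["findings"] = errors + report["findings"]
    return report

if __name__ == "__main__":
    print(assess(SAMPLE_CERTS, SAMPLE_NOW))
```

Running `check_domain` from a scheduled job against the real domain reports each A record individually, whether the nodes hold one copied certificate or two independent ones.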