I have a bunch of EC2 nodes (serving HTTP) behind two HAProxy nodes (client-facing HTTPS). There are two A entries for my domain name, so clients send requests to both HAProxy nodes. Each new request goes to a different IP than the previous one.
With the dns-01 challenge, I can obtain an SSL certificate for my domain on both HAProxy nodes. As a result, there will be two independent SSL certificates on the two servers, both for the same domain.
Is it generally a good idea? Are there any major downsides? Is it better to obtain one certificate and copy it between the haproxy nodes?