Is it possible to point 2 instances of openresty to the same redis instance and share certs?

Question

Is it possible to point 2 instances of openresty to the same redis instance and share certs?

MemoryLeak55 opened this issue 4 years ago · 3 comments

Hi

I would like to know if it is possible to share certs using the redis adapter by pointing 2 instances of openresty to the same redis.

My current situation is that I have 2 points of ingress both with openresty, and all the domains have double A records to both these instances. Using the file based certs do not work when you have double A records as often lets encrypt will select the wrong A record to do the challenge with, and go to the wrong openresty which of course is not expecting a challenge and fail, and this quickly hits rate limits.

Is there a reason that two instances cannot share certs via redis?

Answer 1 · 2021-05-19T22:12:14.000Z

Yes. You can host multiple openresty instances on one redis instance/cluster. That’s kinda the whole purpose of the redis backend.

Answer 2 · 2021-05-28T02:41:01.000Z

Hi! @gjongenelen

Can I configure different accounts in these instances?

Answer 3 · 2021-05-29T11:26:39.000Z

You don’t configure an account on your instance. I think you mean the email-address being used while requesting certificates. In that case: no, AFAIK you can only set 1 mail-address per instance. You could set different emails on different instances (don’t know why you would want this) but the certificates will be registered with the email configured on the requesting instance.
https://github.com/auto-ssl/lua-resty-auto-ssl#advanced-lets-encrypt-configuration