Docker Community Forums

Share and learn in the Docker community.

Best practice for deploy ssl certs to multiple servers

(Zh99998) #1

I’m using Let’s Encrypt for SSL cert and Docker Cloud for Infrastructure management.

Each of my node need a cert, of same domain, They are load-balanced by DNS.
Let’s Encrypt client runs in center server, with a crontab to run every month

The problem is, how to deploy the certs to nodes.

Since the cert will update every month, there must be a automatic solution, including:

  1. update: push certs to all nodes when cert updated. It’s better to push by center server. not crontab pull by nodes every month. because there may be additional cert update for example… added a new subdomain.

  2. scale: get cert from center server on a new-deployed node, and let it join update push list. without maintain a node list file on central server manually.

  3. security: don’t make everyone can access my cert. since ssh private key is private and (nearly) permanent, auth with ssh is great. other solution is also ok.

well, I think it is a so common requirements that every LetsEncrypt + cluster user will need. but I can’t find a common solution here. any advice?