Hello,

I have three domains, ex. example.com, company.com, and masterhost.com,
with example.com and company.com being served by both master and slave http hosts.
All three domain names are under alternative names for acme-client.

The problem I have been having while renewing Let's Encrypt certificates is
that the master host would issue the acme-client command,
and Let's Encrypt would also contact the slave host
to check if it has the response to the challenge, obviously it would not.

I have solved this by including the following on the slave host:

        location "/.well-known/acme-challenge/*" {
                block return 301 "https://masterhost.com/$DOCUMENT_URI";
        }

With this in place I successfully renewed my certificate without needing to resort to DNS-01 or to temporarily removing the slave host from DNS records while renewing.

Dimitrios
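
A pre-renewal check for the redirect described in the message above, added here as an example and not part of the original post: it confirms that a secondary host answers HTTP-01 challenge requests with a redirect to the host running acme-client. The names `check_redirect` and `probe`, the test token and the 192.0.2.10 address are assumptions made for illustration.

```python
"""Pre-renewal check (added example): does a secondary host hand HTTP-01
challenge requests over to the host that runs acme-client?"""
import http.client
from urllib.parse import urlsplit

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
REDIRECT_CODES = {301, 302, 303, 307, 308}


def check_redirect(status, location, master, token):
    """Judge one response to a challenge request; returns (ok, reason)."""
    if status not in REDIRECT_CODES:
        return False, f"status {status} is not a redirect"
    if not location:
        return False, "redirect without Location header"
    url = urlsplit(location)
    if url.scheme not in ("http", "https"):
        return False, f"unsupported scheme {url.scheme!r}"
    if (url.hostname or "").lower() != master.lower():
        return False, f"redirects to {url.hostname!r}, not {master!r}"
    # Let's Encrypt only follows HTTP-01 redirects to ports 80 and 443.
    if url.port not in (None, 80, 443):
        return False, f"non-default port {url.port}"
    # Accept a doubled leading slash, which a "host/" + request-path
    # redirect target produces; the token path itself must be unchanged.
    path = "/" + url.path.lstrip("/")
    if path != CHALLENGE_PREFIX + token:
        return False, f"path changed to {url.path!r}"
    return True, "ok"


def probe(address, name, master, token="preflight-test"):
    """Request a challenge file from `address` under virtual host `name`."""
    conn = http.client.HTTPConnection(address, 80, timeout=5)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token, headers={"Host": name})
        resp = conn.getresponse()
        return check_redirect(resp.status, resp.getheader("Location"),
                              master, token)
    finally:
        conn.close()


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for the slave host.
    for name in ("example.com", "company.com"):
        print(name, probe("192.0.2.10", name, "masterhost.com"))
```

Run it against each secondary host's address before renewing; any result other than `(True, 'ok')` means the CA's validation request to that host would not reach the challenge file.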
