Look, I get it...there is no shortage of posts about using Let's Encrypt in almost every imaginable environment.

However, when it came to a situation I had recently, there was nothing...so I'm going to add it to the pile.

The Problem

I'm going to break this one down into an order of operations:

  • I have two servers behind a load balancer.
  • One of the servers has been tasked with renewing the cert from Let's Encrypt and copying it up to the load balancer.
  • For whatever reason, that fails and the cert expires.
  • This is compounded by the fact that due to a recent reformat of my machine, I don't have the ability to SSH into either server.

What a way to start the day, eh?

The Solution

Since I still have control over DNS, I'll use the DNS challenge for Let's Encrypt to create a cert for a specified domain name.

sudo certbot -d <domain-name> --manual --preferred-challenges dns certonly

This command will step you through setting up the certificate and then will provide you with a TXT record and subdomain to add to your DNS records. Once you've verified those changes have gone through, you can complete the process, and the certificate and key will be stored, ready to be copied to your load balancer.
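
One way to do the "verify those changes have gone through" step before telling certbot to continue, as an added example that is not part of the original post: it asks every authoritative nameserver for the challenge TXT record and only succeeds when all of them return the value certbot printed. Assumptions: dig is installed, the function names are made up for this example, the record lives at _acme-challenge.<domain-name> (the standard DNS-01 name), and the zone is passed separately when <domain-name> is not the zone apex.

```shell
#!/usr/bin/env bash
# Added example: check that the certbot DNS-01 TXT record is served by every
# authoritative nameserver before continuing the manual challenge.

# query <name> <type> [@server] -- thin wrapper around dig (assumed installed).
query() { dig +short "$@"; }

# Reads dig TXT answers on stdin; succeeds if one of them equals $1.
# dig prints each TXT string wrapped in double quotes, so strip them first.
txt_has_value() {
  local expected="$1" line
  while IFS= read -r line; do
    line=${line#\"}; line=${line%\"}
    [ "$line" = "$expected" ] && return 0
  done
  return 1
}

# check_propagation <domain-name> <txt-value> [zone]
# Returns 0 only when at least one nameserver exists and none is missing
# the value. A stale answer on one server is enough to fail validation.
check_propagation() {
  local domain="$1" expected="$2" zone="${3:-$1}"
  local name="_acme-challenge.$domain" ns count=0 missing=0
  for ns in $(query "$zone" NS); do
    count=$((count + 1))
    if query "$name" TXT "@${ns%.}" | txt_has_value "$expected"; then
      echo "ok      $ns"
    else
      echo "missing $ns"
      missing=$((missing + 1))
    fi
  done
  [ "$count" -gt 0 ] && [ "$missing" -eq 0 ]
}

# Usage (placeholders, not real values):
#   check_propagation example.com '<value printed by certbot>' && echo "continue"
```

Run it in a second terminal while certbot is waiting at its prompt, and only continue once every nameserver reports ok.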

It's super handy to be able to do this in a lot of cases, such as testing out an idea before deploying it.

I hope this helps someone down the road like it has helped me!