I'm setting up Traefik as a load balancer. For redundancy there will be a few instances behind the same domain name so that any single one can fail and the services behind it will still be (mostly) accessible.
One challenge with this is managing SSL certificates. I'm agnostic as to a solution but generally solutions which auto-renew are better. Let's Encrypt (ACME) seems a reasonable option.
What I'm concerned about is hitting rate limits for Let's Encrypt. To avoid this I firstly need to ensure each instance's certificate store is correctly saved. But I still worry that multiple nodes may collectively all try to renew certificates at the same time.
Is it possible (supported) to have multiple instances with the same ACME certificate store? E.g., can I place the certificates on an NFS share (provided by Amazon EFS) and have multiple instances write to the same file?
- Does this risk corrupting the file?
- Will instances see new certificates arrive in the file and begin to use them?