SSL certificate renewal process
Note: In order to generate ssl certificate by following these steps, the system routes should have been set up in your aws route53.
There are few steps you have to follow:
First of all login to the ec2 console in your aws account and identify the public Ip addresses of haproxy servers in shard-1 and shard-2.
Generate ssl for shard 1
Step 1 :
Log in to your aws account route53 and change your shard-2 A record differentiator weight as 0. Now the traffic goes only via shard-1 since the weight 200 is applied only to shard-1.
Step 2 :
Log into the haproxy server in shard-1 using the ssh key and simply run the certificate_generate.sh script in ubuntu. Then the certificate will generate for shard-1
Generate ssl for shard 2
Step 3 :
Again log in to your aws account route53 and change your shard-1 A record differentiator weight as 0 and shard-2 weight as 200. Now the traffic goes only via shard-2
Step 4 :
Log into the haproxy server in shard-2 using the ssh key and simply run the certificate_generate.sh script in ubuntu. Then the certificate will generate for shard-2
Note : After generating SSL certificates for both shards, please make sure to change the differentiator weight as 200 in both shards by logging to route53. Otherwise your traffic will flow through only one shard.
Looking for commercial support ? please contact us via email@example.com or the contact us
Leave a Comment