Skip to main content

Multiple Clusters Syncing

Zeet enables you to sync your SSL certificate across multiple clusters. An HTTP-01 challenge requires the certificate validator reach a specific cluster. Therefore, if you have multiple clusters, you can't guarantee that an HTTP-01 challenge will reach a specific cluster. In contrast, a DNS-01 challenge validates the domain by proving you control the DNS for the domain name by putting a value in a TXT record under the domain. Therefore, a DNS-01 challenge is not dependent on reaching a specific cluster or domain. As such, a DNS-01 challenge is used for multi-cluster and wildcard domains.

1. Add a replication (cluster) to your app (if necessary)

If your app is not already deployed to multiple clusters, here's how you add a replication cluster. In the "Settings" tab of your app, navigate to the "General" subtab. Under "Resources & Replication," add a new target cluster.

2. Add domain

Navigate to the "Settings" tab in your app then to the "Networking" subtab. Enter your custom domain into the input box. You will see instructions for all of your clusters. You only need to enter one set of instructions with your DNS.

Note, if you are syncing your certificate across multiple apps, you will need to add the same domain to each app.

3. Add DNS instructions to your domain provider

4. Sync Certificate with Cluster

After a few seconds (you may need to refresh), you will see the "Certificate Status" is "Ready" for one of the clusters. In the cluster where the "Certificate Status" is "Issuing" click on the gear icon. Under the "Sync from Cluster" dropdown, select the application with the cluster that has the ready certificate. The SSL certificate will be copied from the this cluster. When successful, you should see "Certificate Synced with xxxxxxx" as shown below.

5. Success!

Resources