You could sync certificates across hosts for this purpose, though. The advantage of multiple certificates is being able to revoke a subset of certificates if you can determine only a subset of your hosts have been compromised.
you could, but unfortunately the LE certs have a very short lifetime, and renewals are a thing
so you need a master server to handle the renewals, periodic sync, and to handle the case when the master goes away
this would be considerably more complicated than having a second independent certificate (assuming you've automated the entire frontend provisioning process)
You could sync certificates across hosts for this purpose, though. The advantage of multiple certificates is being able to revoke a subset of certificates if you can determine only a subset of your hosts have been compromised.
you could, but unfortunately the LE certs have a very short lifetime, and renewals are a thing
so you need a master server to handle the renewals, periodic sync, and to handle the case when the master goes away
this would be considerably more complicated than having a second independent certificate (assuming you've automated the entire frontend provisioning process)
Did that, can confirm.
For other more sensible reasons but still.