Before you can request a Let's Encrypt certificate for your load balancer, the domain must already point to the load balancer. Let's Encrypt validates that you control the domain, so the request will fail if DNS still points elsewhere.
Steps
- At your DNS provider, point the domain's A record to your load balancer's IP address and wait for it to propagate.
- In Ploi, open your load balancer and go to the certificate (SSL) section.
- Request a Let's Encrypt certificate for the domain.
Ploi validates the certificate using an HTTP-01 challenge on port 8888 of the load balancer, so make sure that port isn't blocked by an external firewall. Once issued, the certificate is installed on the load balancer (HAProxy) and Ploi sets up automatic renewal for you.
For more background on Let's Encrypt certificates, see How do I request a Let's Encrypt certificate?
