I am considering how to set up two Caddy servers behind an haproxy load balancer. Yesterday I learned that I can use an NFS share to have two Caddy servers coordinate certificate management.
Today I am wondering if it may be better to do my certificate management on Caddy server A and manage the certificates myself on Caddy server B. I am concerned that NFS introduces a single point of failure.
What would I lose if I managed the certs by hand on Caddy server B? The docs list the benefits below. Would I still get these benefits (aside from auto-management, of course) on my Caddy B?
In summary, Caddy implements these TLS features for you automatically. It is the only server to do so by default:
- Session identifiers
- Session ticket key rotation
- OCSP stapling
- Dynamic record sizing
- Application-layer protocol negotiation
- Forward secrecy
- HTTP/2 (for the HTTP server)
- Certificate management (including auto-renew)
- Man-In-The-Middle detection (for HTTPS sites)