You must process each one of them singularly… However, you could implement scripts to ask the server to auto request & renew it…
I don’t know if there’s any load balancer or whatsoever, but it’s not that easy to implement 3000 estate sites…
P.S. you must take advantage of the SNI technology… Or there’s kind of no privacy & security… (Each certificate could contain up to 100 domain names…)
so you can organize the challenge files in one own directory. So if you can create such "dynamic redirects" on each of these 3000 domains, it may be easier.
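The shared challenge directory and per-domain redirects suggested above, sketched as an added example (not part of any post in this thread and not Let's Encrypt's own code): each hosted domain redirects only well-formed HTTP-01 challenge paths to one central host, which serves token files from a single directory. The host name `acme.example.net`, the directory path and the port are assumed placeholders.

```python
import re
from http.server import BaseHTTPRequestHandler, HTTPServer
from pathlib import Path
from typing import Optional

ACME_PREFIX = "/.well-known/acme-challenge/"
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")        # base64url alphabet (RFC 8555 tokens)
SHARED_DIR = Path("/var/www/acme-challenges")   # assumed: where the ACME client writes tokens
CENTRAL_HOST = "acme.example.net"               # assumed placeholder for the central host

def token_from_path(request_path: str) -> Optional[str]:
    """Return the token if the path is a well-formed HTTP-01 challenge path."""
    path = request_path.split("?", 1)[0]
    if not path.startswith(ACME_PREFIX):
        return None
    token = path[len(ACME_PREFIX):]
    return token if TOKEN_RE.fullmatch(token) else None

def redirect_location(request_path: str, central_host: str = CENTRAL_HOST) -> Optional[str]:
    """On each hosted domain: Location header for challenge paths, None for anything else."""
    token = token_from_path(request_path)
    return f"http://{central_host}{ACME_PREFIX}{token}" if token else None

def challenge_file(request_path: str, shared_dir: Path = SHARED_DIR) -> Optional[Path]:
    """On the central host: map a request to a token file, refusing paths outside the directory."""
    token = token_from_path(request_path)
    if token is None:
        return None
    root = shared_dir.resolve()
    candidate = (root / token).resolve()
    # A symlink pointing elsewhere resolves outside root and is rejected here.
    if candidate.parent != root or not candidate.is_file():
        return None
    return candidate

class ChallengeHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        found = challenge_file(self.path)
        if found is None:
            self.send_error(404)
            return
        body = found.read_bytes()   # key authorization written by the ACME client
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    HTTPServer(("", 8080), ChallengeHandler).serve_forever()
```

Restricting the redirect and the file lookup to the token alphabet keeps the 3000 redirect rules from becoming an open redirect or a file-read primitive on the central host.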
You’re correct that there are several ways companies have handled large integrations before, but it will require some work on your side as well. Without a better understanding of your infrastructure (are you a shared hosting provider?) You might want to check out the integration guide, if this is relevant to your situation:
We don’t need help with scripting suggestions for server side management.
If going HTTPS is required then at least we should be given a way of doing it for thousands of domains at once and at a very low cost per domain.
My question should have been: how does one actually afford to buy, add to cart, pay once for all, verify domain IDs, download certs for thousands of domains?
Use Let's Encrypt, which provides free certificates that are issued completely automatically once you set up the scripting side on your environment. Are you asking about obtaining certificates from a different public CA?
Thanks, that is a little more informative. What companies can handle mass SSL cert purchases via API? I cannot find any, even my easyDNS provider does not have mass SSL ordering. GoDaddy might but their pricing for thousands of certs is crazy.
They do indeed! In fact, a Let’s Encrypt certificate is securing your connection to this very forum, and they are used by a very large number of services and providers.
I’m curious how you found this forum if you didn’t know that Let’s Encrypt is the name of a free public CA that issues certificates via an API.
I don’t mean that in a disparaging way—I’m working with people who are trying to improve our documentation and we’re also very curious how and what people hear about us. Did you follow a link or a suggestion from someone else, or do a web search for some particular term?
Meanwhile, you might be interested in all of
including
(You don’t necessarily have to develop your own client application using the API, but you may likely be able to script around an existing client or library.)
The server side scripting includes a challenge. It's an essential part of the ACME-v2-Protocol, which you have to use if you want to use Let's Encrypt.
And if you build your own client, then you have to solve the challenge. If that works, it's no problem to manage certificates for 5 or for 5000 domains.
The ACME-Protocol v2:
PS: I have built my own client, because I have my own subdomain service, where customers also route their own subdomains to their standard subdomains. So I use a Let's Encrypt certificate for each of these external domains.
In addition, the Let's Encrypt project aims to make it easy for small sites to adopt it by publishing easy-to-follow guides and tools that simplify the process.
This seems like a slightly unhelpful journalistic description because it doesn't mention the fact that Let's Encrypt is a CA that will actually offer certificates for free (which is indeed a big part of what many of the small sites care about).