5000 certificates

Can anyone help? I am looking to generate 5000 certificates in both www. and non-www, so https://www.domain.com and http://domain.com. Can anyone recommend the best way to do this in a reasonable amount of time? Thanks!

1 Like

What have you found out yourself already?

2 Likes

Hi @honest

That's simple.

Select a client

then write a batch file.

If you have 5000 domains, you know how to do that.

3 Likes

Thanks for the replies. Can I ask how many certificates can be generated per day/week and how long it will take to get to 5000? Really appreciate the help.

2 Likes

Please read the Rate Limit documentation page. There are a few rate limits: some will not be applicable at all (for example, the certificates per domain per week rate limits won't be applicable if you're planning on getting 5000 certs for 5000 separate domains), others might be applicable depending on how you're setting up your ACME client (one ACME account for all certs or one ACME account per customer?). Please read the Integration Guide for some more info.

Depending on your choices, you can easily calculate the minimal time required for issuing 5000 certs. We can't calculate it for you, as it depends on the choices you made.

3 Likes

Why do you need 5000 certificates?

A wildcard might cover 5000 subdomains.

1 Like

I believe OP wants just two hostnames per domain and a separate cert per domain for 5000 domain names.

1 Like

Thanks for all the help and replies. I wanted a separate dedicated certificate for each domain, but it seems it will take a long time to generate for 5000 individual domain names? Is there a paid service or way to speed it up with an increase in limits? Thanks!

Why? It's hard to tell now.

If I were in your situation:

  1. Set up a centralized acme-dns server to simplify management and validation. This gets around DNS caching issues at most commercial providers.

  2. Register all 5000 domains with the acme-dns system. Use your DNS provider's API to create CNAME records for each domain's acme_challenge onto the acme-dns server credentials for that domain.

  3. Run Certbot or another client.

To make the actual issuance faster, you could just batch the 5000 domains into 10 groups of 500 domains, and then run 10 acme-clients on 10 different machines in parallel -- all using the same acme account credentials. It shouldn't take more than 60 seconds for Certbot to process a base+wildcard (2 domain) challenge with the acme-dns plugin; everything should be done in under 9 hours.
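The batching arithmetic from the reply above, as an added example that is not part of the original post or of any ACME client: it splits a domain list into per-machine batches, estimates wall-clock time from the 60 seconds per certificate quoted in the post, and lists the `_acme-challenge` names that need a CNAME to acme-dns. The function names and the `siteN.example` domains are constructed for illustration.

```python
import math

def normalize(domains):
    """Lowercase, trim, drop a leading 'www.', and remove blanks and duplicates."""
    seen, out = set(), []
    for raw in domains:
        d = raw.strip().lower().rstrip(".")
        if d.startswith("www."):
            d = d[4:]
        if d and d not in seen:
            seen.add(d)
            out.append(d)
    return out

def cert_names(domain, wildcard=False):
    """Names on one certificate: base + www (the question) or base + wildcard (the reply)."""
    return [domain, ("*." if wildcard else "www.") + domain]

def challenge_cnames(domain, wildcard=False):
    """DNS-01 validation names that must be CNAMEd to the acme-dns server."""
    names = []
    for host in cert_names(domain, wildcard):
        # A wildcard is validated at the same label as its base name.
        base = host[2:] if host.startswith("*.") else host
        label = "_acme-challenge." + base
        if label not in names:
            names.append(label)
    return names

def shard(domains, workers=10):
    """Split the list into contiguous batches, one per machine."""
    if not domains:
        return []
    size = math.ceil(len(domains) / workers)
    return [domains[i:i + size] for i in range(0, len(domains), size)]

def estimate_hours(domains, workers=10, seconds_per_cert=60):
    """Wall-clock time is set by the largest batch; 60 s is the figure from the post."""
    batches = shard(domains, workers)
    if not batches:
        return 0.0
    return max(len(b) for b in batches) * seconds_per_cert / 3600

if __name__ == "__main__":
    # Constructed sample input: 5000 placeholder domains.
    domains = normalize(f"site{n}.example" for n in range(5000))
    print(len(shard(domains)), "batches,", round(estimate_hours(domains), 2), "hours")
    print(challenge_cnames("site0.example"))
    print(challenge_cnames("site0.example", wildcard=True))
```

A base + www certificate needs two challenge CNAMEs per domain, while base + wildcard needs one. The estimate ignores the rate limits mentioned earlier in the thread, which depend on the account setup.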

Thanks for all the help, really appreciated.
