I am looking for a set of advice and perhaps a best practice discussion here how to implement LE into my specific needs. I will try to point out my requirement and try to narrow it down as much as possible.
We have a web application and part of it user can whitelabel using their own domain ( or subdomain ). The domain forwarding is done via CNAME to our address ( say dns.example.com ).
Now what I am trying to achieve is to give all of white labeled domain their own certs to make the white labeled part of the app secured.
User will have a SSL settings when turned ON our server will provide SSL for their white label domain.
- CentOS 6.x
- Apache 2
- RAM 2GB
We have about 5000 users. Lets have a hypothesis that all of them enabled SSL settings at once now system will try to run 5000 request to LE server. The main concern is for me is server Resource uses ( CPU, RAM ). Ignoring API limits.
Question: Is there any estimation (benchmark) on how much resource certbot takes while acquire and renewing a cert?
My plan for counter this is to create a database table and put user account as “Pending” and have LE script to take predefined amount of domains and send requests and acquiring them separately.
Question: With the above circumstances which method of acquiring cert you think will be optimal.
( I do not know if this types of discussion is allowed here. I am not looking for the exact solution but a discussion which will drive to better understanding for me about LE clients so i can make a decision. )