I would like to hear/share some ideas on using Let's Encrypt within a high-density environment.
I would like to leverage Let's Encrypt to protect about 20,000 individual domains on my Nginx servers.
New domains get added every day. Therefore, I don't think continually re-generating my SNI certificate would be a good idea.
I am planning to request a new individual cert for every new domain, but I have some concerns in the following areas:
- Managing 20,000+ certs and their renewal: I am thinking of heavily using certbot here.
- Syncing certs between multiple web servers: I have 10 nginx web servers and I am planning to use NFS here (or AWS EFS).
- Creating an nginx configuration for each domain: it looks like we cannot make use of nginx variables to dynamically define our certificate settings, so it seems I need to create/generate 20,000 different nginx configurations (this is going to be a management headache as well). I am thinking of creating an nginx template and then generating new ones based on that template.
What are your thoughts? Recommendations?
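Added example (not from the original post or from certbot/nginx themselves): a small Python generator for the per-domain nginx template approach described in the post. It validates every hostname before templating it, so a malformed or hostile name from the domain list cannot smuggle extra directives into the generated config, and it assumes certbot's default /etc/letsencrypt/live/<domain>/ layout plus a hypothetical shared snippet snippets/common-tls.conf.

```python
import re
from pathlib import Path
from typing import Dict, Iterable, List, Optional, Tuple

# Hostname rule: lower-case labels of letters/digits/hyphens, no leading or
# trailing hyphen, at least one dot. Anything else (';', '{', '}', newlines,
# spaces) is rejected so it can never become an nginx directive.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$")

# Per-domain server block; live_dir is certbot's default live directory.
TEMPLATE = """server {{
    listen 443 ssl;
    server_name {domain};
    ssl_certificate     {live_dir}/{domain}/fullchain.pem;
    ssl_certificate_key {live_dir}/{domain}/privkey.pem;
    include snippets/common-tls.conf;   # hypothetical shared TLS settings
    root /srv/sites/{domain}/public;
}}
"""


def is_valid_hostname(name: str) -> bool:
    return len(name) <= 253 and HOSTNAME_RE.fullmatch(name) is not None


def render_site(domain: str, live_dir: str = "/etc/letsencrypt/live") -> str:
    if not is_valid_hostname(domain):
        raise ValueError(f"refusing to template unsafe hostname: {domain!r}")
    return TEMPLATE.format(domain=domain, live_dir=live_dir)


def generate_sites(
    domains: Iterable[str],
    out_dir: Optional[Path] = None,
    live_dir: str = "/etc/letsencrypt/live",
) -> Tuple[Dict[str, str], List[str]]:
    """Render one config per valid domain; return (rendered, rejected)."""
    rendered: Dict[str, str] = {}
    rejected: List[str] = []
    for raw in domains:
        domain = raw.strip().lower()
        if not domain:
            continue  # blank line in the domain list
        if not is_valid_hostname(domain):
            rejected.append(raw)  # log these; never write them out
            continue
        rendered[domain] = render_site(domain, live_dir)
        if out_dir is not None:
            (out_dir / f"{domain}.conf").write_text(rendered[domain])
    return rendered, rejected
```

Newer nginx releases (1.15.9 and later) also accept variables in ssl_certificate and ssl_certificate_key, which can cut the number of generated files, but nginx then loads the certificate on every handshake, so measure the cost before relying on it at this scale.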