This seems significant, so I wanted to post it here and answer any questions about it, since I think it will be of interest to the Let’s Encrypt community.
The latest release of Caddy (the web server with automatic HTTPS via integrated Let’s Encrypt) can now obtain and manage certificates in a coordinated way with multiple Caddy instances sharing the same certificates, which alleviates pressure against rate limits with Let’s Encrypt.
As long as

- the Caddy instances share the folder on disk where certificates are stored (~/.caddy), and
- the DNS challenge is used,

then Caddy will correctly synchronize the management of certificates so only one instance will perform renewals; the other instances will simply reload the renewed certificate from disk instead of contacting Let’s Encrypt again. It “just works” as long as you meet the two requirements above.
And we’re working on eliminating the need for the second requirement, so any challenge type will just work in clusters and behind load balancers, as long as a single shared folder containing the certificates is mounted to the local file system for each instance.
Let me know if you find this useful or if you have any questions!
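To make the coordination behaviour described above concrete, here is an added simulation (not Caddy's own code, and not a claim about how Caddy implements it internally) of several instances that share one certificate folder. It assumes a lock file guarded with fcntl.flock plus a re-read of the on-disk certificate after taking the lock; the instance names, the certificate file contents and the ACME stand-in are all constructed for the example. The point it shows is the one the post makes: only one instance contacts the CA, the others pick up the renewed certificate from disk, so the ACME call count stays at one regardless of cluster size.

```python
import fcntl
import json
import os
import tempfile
import threading
from datetime import datetime, timedelta, timezone

# Renew when less than this remains on the certificate (constructed policy value).
RENEW_BEFORE = timedelta(days=30)


class CertStore:
    """Shared on-disk certificate store: stands in for the folder every instance mounts."""

    def __init__(self, directory):
        self.cert_path = os.path.join(directory, "example.test.json")
        self.lock_path = os.path.join(directory, "example.test.lock")

    def read(self):
        with open(self.cert_path) as f:
            return json.load(f)

    def write(self, cert):
        tmp = self.cert_path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(cert, f)
        os.replace(tmp, self.cert_path)  # atomic: readers never see a half-written file


def needs_renewal(cert, now):
    return datetime.fromisoformat(cert["not_after"]) - now < RENEW_BEFORE


class Instance:
    """One server in the cluster; keeps its own in-memory copy of the certificate."""

    def __init__(self, name, store, acme_calls):
        self.name = name
        self.store = store
        self.acme_calls = acme_calls  # shared list: records which instance hit the CA
        self.cert = store.read()

    def issue_via_acme(self, now):
        # Constructed stand-in for a real ACME order; only the call count matters here.
        self.acme_calls.append(self.name)
        return {"serial": self.cert["serial"] + 1,
                "not_after": (now + timedelta(days=90)).isoformat()}

    def maintain(self, now):
        if not needs_renewal(self.cert, now):
            return "fresh"
        with open(self.store.lock_path, "w") as lockf:
            fcntl.flock(lockf, fcntl.LOCK_EX)  # blocks until the renewing instance is done
            try:
                on_disk = self.store.read()
                if not needs_renewal(on_disk, now):
                    self.cert = on_disk  # someone else already renewed: reload, no CA call
                    return "reloaded"
                self.cert = self.issue_via_acme(now)
                self.store.write(self.cert)
                return "renewed"
            finally:
                fcntl.flock(lockf, fcntl.LOCK_UN)


def simulate_cluster(n_instances=3, days_left=10):
    """Run n instances concurrently against one shared folder.

    Returns (sorted outcomes, list of ACME calls, set of serials now held in memory).
    """
    now = datetime.now(timezone.utc)
    store = CertStore(tempfile.mkdtemp())
    store.write({"serial": 1, "not_after": (now + timedelta(days=days_left)).isoformat()})
    acme_calls = []
    instances = [Instance(f"caddy-{i}", store, acme_calls) for i in range(n_instances)]
    results = {}

    def run(inst):
        results[inst.name] = inst.maintain(now)

    threads = [threading.Thread(target=run, args=(inst,)) for inst in instances]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    serials = {inst.cert["serial"] for inst in instances}
    return sorted(results.values()), acme_calls, serials


if __name__ == "__main__":
    print(simulate_cluster(3, days_left=10))  # one "renewed", the rest "reloaded"
    print(simulate_cluster(3, days_left=60))  # all "fresh", no CA contact at all
```

Each thread opens the lock file itself, so the flock calls contend on separate file descriptions exactly as separate processes would; the re-read after acquiring the lock is what turns "three instances noticed expiry" into "one renewal and two reloads".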