Hi,
I am running certbot on AWS Lambda. We have to generate/renew approximately 5000 certificates per month for all our clients.
As per the Let's Encrypt limits, we can create only 10 accounts per IP address and 500 accounts per IP range in 3 hrs.
When we use AWS Lambda, AWS will allocate one IP address to it. When one Lambda function is invoked, it issues one certificate, and the next certificate will get a fresh Lambda function.
Suppose we want to issue 1000 certificates in 1 hr on AWS Lambda. Then we trigger 1000 Lambda functions (assume sequentially for simplicity). Suppose AWS allocates the same IP for all the 1000 functions. Since each invocation is a fresh environment, certbot will create a new account and it will easily hit the account limit. Even if AWS allocates a different IP but in the same IP range, we will also hit the limit easily.
How can we solve this issue? Is it possible to back up the account details and restore them on each function invocation? If we back up and restore the account details, then what if AWS allocates a different IP address for each invocation? Is there any link between IP address and account?
If there is a link between IP address and account, then how does Let's Encrypt know the IP address? Does it use the publicly visible IP or the machine IP (which can be a private network IP)?
Thanks