we are one of the largest Universities in Germany and we started discussing about, if it was possible to move to Let’s encrypt with a lot of our public certificates.
This would roughly be about 700 (Sub)-Domains, which have to be managed.
Now the real question: How would someone delegate the public private key pair needed for operations with let’s encrypt?
Is there a Scenario where I derive keys from the “master key” or something like that? Or would I pass the key to everyone, who Needs Access to that? Or would I Setup a machine, where only “certificate Managers” would have Access?
Is there a recommended way to delegate the work to a Team or something?
Thanks for any advice and Information on the Topic