I work in a project where environments are very dynamic: every CI build creates a new testing environment from scratch (and every build uses a unique DNS name), and every developer creates and destroys environments daily.
Dynamic environments all share a few top-level domains; however, each uses unique subdomains. Every environment needs to secure a number of endpoints.
What are the best practices for issuing LE certificates in this situation?
Maybe there is a ready-made package that requests and renews certificates for those top-level domains, and makes it available for other environments to use?
We use Kubernetes, and every environment is a separate Kubernetes cluster.
This strikes me as a good fit for a wildcard certificate that covers the top-level domains as well as the one level of wildcard subdomains beneath them.
Yes, I figured it out too. Now the question is whether anyone has already implemented something similar, or whether I need to start from scratch and implement pulling a certificate from some central storage (with the associated ACL headaches).
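To make the one-level limit of a wildcard concrete (a certificate for `*.example.test` covers `build-1234.example.test` but not `api.build-1234.example.test` or `example.test` itself), here is an added Python check, not code from the thread, that reports which environment hostnames a given SAN list leaves uncovered; the domain names are constructed placeholders.

```python
"""Check whether environment hostnames are covered by a certificate's SAN list."""
from typing import Iterable, List


def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is accepted only as the entire left-most label
    and matches exactly one label, so '*.example.test' covers
    'build-1234.example.test' but neither 'example.test' nor
    'api.build-1234.example.test'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(h_labels) != len(p_labels):
        return False  # wildcard does not span multiple labels
    # The wildcard label must be non-empty; every other label must match exactly.
    return h_labels[0] != "" and h_labels[1:] == p_labels[1:]


def covered(sans: Iterable[str], hostname: str) -> bool:
    """True if any SAN entry (exact or wildcard) matches the hostname."""
    return any(san_matches(s, hostname) for s in sans)


def uncovered_endpoints(sans: Iterable[str], endpoints: Iterable[str]) -> List[str]:
    """Return the endpoints that the SAN list does not cover."""
    sans = list(sans)
    return [h for h in endpoints if not covered(sans, h)]


# Constructed sample: a shared wildcard cert for two top-level domains
# and the endpoints a CI build and a developer environment want to expose.
SANS = ["example.test", "*.example.test", "example-b.test", "*.example-b.test"]
ENDPOINTS = [
    "build-1234.example.test",       # one level below: covered
    "dev-alice.example-b.test",      # one level below: covered
    "api.build-1234.example.test",   # two levels below: NOT covered
    "example.test",                  # apex: covered by the exact SAN only
]

if __name__ == "__main__":
    for h in ENDPOINTS:
        print(f"{h}: {'covered' if covered(SANS, h) else 'NOT covered'}")
```

If environments expose per-service names two labels deep, either flatten them into one label (e.g. `api-build-1234`) or request a second wildcard level per domain; a real certificate's SAN list can be listed with `openssl x509 -noout -ext subjectAltName -in cert.pem`.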