Just for more clarification, here I give an example of my use case.
There is one domain like xyz.com. When a user enters the domain name in our platform, we want to generate SSL for that domain. So I can generate SSL with the following command: sudo certbot --nginx -d example.com
After some hours, the second user comes and enters pqr.com. Now I don't want to generate a new SSL for every domain. How to solve this?
Doing so can actually be the best long-term solution.
Because your "combine all names onto one cert" won't scale very much.
There are limits to how many names will fit onto one single cert: 100
If each domain requires "example.com" and "www.example.com" (two names), that means with 50 "client" domains the single cert will be filled.
Where do you fit the 51st client (and all others after that one)?
Is there any limit of how many SSL can be generated?
We follow the same architecture for one of the products and faced many problems like "too many open files" and "Unauthorized". After that, we had to move from Nginx to the webroot method to fix the issue.
Then you need a "plan" (a "working solution").
This is not the right place to ask for "plans" (or develop "solutions"), but feel free to do so.
I, for one, am not a fan of extending businesses anything free beyond basic help.
[understand that no one on this forum gets paid for providing help - even the certs are free]
As @rg305 mentioned before, maybe it's the best way to provide each certificate per domain.
To secure 600 to 1000 domains, I think you cannot rely on certbot alone. You can build your own script to supply those domains to certbot and let it create all 600 certificates in one single batch script.
As you use nginx as a web server, you can add each certificate to the server block of the corresponding domain, and then your nginx server will serve all 600 domains.
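
The batch approach suggested in the last post, as an added example that is not part of the thread or any poster's own script: one certificate per client domain through certbot's webroot mode, with every user-entered name validated before it reaches the command line. The webroot path, the sample domains and an already registered certbot account are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: WEBROOT path, a registered certbot account, and
# the constructed sample domains at the bottom. DRY_RUN=1 only prints commands.
WEBROOT="${WEBROOT:-/var/www/letsencrypt}"
DRY_RUN="${DRY_RUN:-1}"

# Accept only plain lowercase DNS names. The names come from users and end up
# on a command line, so option-like strings, spaces and wildcards are refused
# (this simple pattern also refuses punycode TLDs).
valid_domain() {
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" |
        grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
}

# Print the command in dry-run mode, execute it otherwise.
run_or_print() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One certificate per client: the apex name plus its www name.
issue_one() {
    run_or_print certbot certonly --webroot -w "$WEBROOT" --non-interactive \
        --keep-until-expiring --cert-name "$1" -d "$1" -d "www.$1"
}

# Read one domain per line on stdin; skip blanks, invalid names and repeats,
# and keep going when a single issuance fails.
issue_all() {
    seen=" "
    while IFS= read -r line; do
        d=$(printf '%s' "$line" | tr 'A-Z' 'a-z' | tr -d '\r')
        [ -n "$d" ] || continue
        if ! valid_domain "$d"; then
            printf 'skip invalid: %s\n' "$d" >&2
            continue
        fi
        case "$seen" in *" $d "*) continue ;; esac
        seen="$seen$d "
        issue_one "$d" || printf 'failed: %s\n' "$d" >&2
    done
}

# Constructed sample input: two valid names, a repeat and two hostile strings.
printf '%s\n' 'xyz.com' 'PQR.com' 'xyz.com' '--help' 'a.com -d b.com' | issue_all
```

Setting DRY_RUN=0 runs the printed commands for real; each resulting certificate is then referenced from the nginx server block of its own domain.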