Generate One SSL for multiple domains

Hello Team,

We have a white-label product where our users can add their domains.
Currently, we are generating an Nginx config and an SSL certificate for each domain.

Is there any way to generate one SSL certificate for multiple domains, so that we only add the domain list to server_name in one file?

So, we want one nginx file for multiple domains and SSL.

How to do that?

2 Likes

Hello 🙂

Yes. Which ACME client software/panel are you currently using to acquire your certificates?

4 Likes

I will add to @griffin's response by saying Let's Encrypt allows up to 100 names per certificate. This and more is described in this guide.

6 Likes

Hello @MikeMcQ

I have already checked that link, but did not find any good resource on how to implement it.
Do you have any blogs or resources? It would be good if you could share them.

Hello Griffin,

We are using Certbot.

Just for more clarification, here is an example of my use case.

There is one domain like xyz.com. When a user enters the domain name in our platform, we want to generate SSL for that domain. So I can generate SSL with the following command:
sudo certbot --nginx -d example.com

After some hours, a second user comes and enters pqr.com. Now I don't want to generate a new SSL for every domain. How to solve this?

Doing so can actually be the best long-term solution.
Why?
Because your "combine all names onto one cert" won't scale very much.
There are limits to how many names will fit onto one single cert: 100.
If each domain requires "example.com" and "www.example.com" (two names), that means with 50 "client" domains the single cert will be filled.
Where do you fit the 51st client (and all others after that one)?

3 Likes

Thanks for your reply.

Is it possible that we generate a wild card certificate that works for a list of domains instead of generating SSL for each domain and combining them into one?

If they all "look" the same (ending with the exact same ".example.com").

2 Likes

Is there any limit on how many SSL certificates can be generated?

We follow the same architecture for one of our products and faced many problems like "too many open files" and "Unauthorized". After that, we had to move from Nginx to the webroot method to fix the issue.

Do you have any other ideas to scale it?

No, we don't have a subdomain. User can give their own domain.

Rate Limits - Let's Encrypt (letsencrypt.org)

How many domains?

2 Likes

For now, we have 600 domains. In the next few months, it could be 1000.

Then you need a "plan" (a "working solution").
This is not the right place to ask for "plans" (or develop "solutions"), but feel free to do so.
I, for one, am not a fan of extending businesses anything free beyond basic help.
[understand that no one on this forum gets paid for providing help - even the certs are free]

5 Likes

As @rg305 mentioned before, maybe the best way is to provide one certificate per domain.

To secure 600 to 1000 domains, I think you cannot rely on certbot alone. You can build your own script to supply those domains to certbot and let it create all 600 certificates in one single batch script.

As you use nginx as a web server, you can add each certificate, corresponding with its domain, in the server block, and then your nginx server will have all 600 domains.
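
The one-certificate-per-domain batch approach from the last reply, sketched as an added example (not code from any poster in this thread, and not part of certbot). Because the domain names come from end users, each one is validated before it reaches a certbot argument list or an nginx file. The webroot path, the function names and the sample input are assumptions, and certbot is assumed to already have a registered account.

```python
import re
import shlex

WEBROOT = "/var/www/acme"           # assumed webroot served for /.well-known/acme-challenge/
LIVE_DIR = "/etc/letsencrypt/live"  # certbot's default directory for issued certificates

# One DNS label: a-z, 0-9 and hyphen, 1-63 chars, never starting or ending with a hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize_domain(raw):
    """Lower-case a customer-supplied name; raise ValueError unless it is a plain DNS hostname."""
    name = raw.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"rejected hostname: {raw!r}")
    return name

def certbot_argv(domain):
    """argv list for one certificate per domain; pass it to subprocess.run() without shell=True."""
    return ["certbot", "certonly", "--non-interactive", "--webroot", "-w", WEBROOT,
            "--cert-name", domain, "-d", domain]

def nginx_server_block(domain):
    """HTTPS server block pointing at the certificate certbot stores under --cert-name."""
    return (f"server {{\n"
            f"    listen 443 ssl;\n"
            f"    server_name {domain};\n"
            f"    ssl_certificate     {LIVE_DIR}/{domain}/fullchain.pem;\n"
            f"    ssl_certificate_key {LIVE_DIR}/{domain}/privkey.pem;\n"
            f"}}\n")

def plan(raw_domains):
    """Validate and de-duplicate the input; return (jobs, rejected)."""
    jobs, rejected, seen = [], [], set()
    for raw in raw_domains:
        try:
            domain = normalize_domain(raw)
        except ValueError:
            rejected.append(raw)
            continue
        if domain not in seen:
            seen.add(domain)
            jobs.append((domain, certbot_argv(domain), nginx_server_block(domain)))
    return jobs, rejected

if __name__ == "__main__":
    # Constructed sample input: two customer domains, a duplicate, and two malformed strings.
    sample = ["xyz.com", " PQR.com ", "pqr.com.", "pqr.com; reboot", "--config=/tmp/x.example.com"]
    jobs, rejected = plan(sample)
    for domain, argv, block in jobs:
        print(shlex.join(argv), block, sep="\n")
    print("rejected:", rejected)
```

Internationalized names would need to be converted to their punycode form before validation, since the label pattern accepts ASCII only.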
