How to design using LetsEcrypt for large scale usages


#1

I want to be able to allow customers who use my web application to use their custom domains.

internet -> custom domain -> load balancer -> web application

In this typical design, the SSL will be terminated at the load balancer level. Let’s say I am using nginx to proxy requests to my web application.

How can I automatically create/update my certs at this layer, and being able to scale to potentially thousands of domains that are managed in a pain free way.

The language of choice for me is Go, but my web applications are not necessarily written in Go so I can’t use autocert at the web application level.

Thoughts?


#2

Hi @whateverssl

if every customers has his own domain, there is no limit. Limits are domain based, but 5 or 10 certificates with one domain isn’t a problem. Perhaps one certificate per customer with www.example.com, yourapp.example.com and example.com may be enough.

Then your app should have an own client.

Account creating - order creating - challenge file - confirm challenge - create certificate request and get certificate.

Creating an own client isn’t too complicated. That works direct. Additional, there are a lot of libraries.

But checking the different libraries and their limitations -> then the own client may be the simpler solution.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.