Hi. I’m building dockers that use acme.sh’s TLS-ALPN-01 to generate certificates for that specific host. The certificates are issued at runtime, the first time the docker container starts. After that it’s the job cronned by acme.sh that takes care of renewal. For development I’m using LE’s staging so that’s all working fine.
However, when development is done we switch to production, and when using the docker builds it might happen that some config was missing for docker run (instead of committing, it happens that the container is simply re-created from the image). Whatever the reason, the point is that each time the container is freshly created, from then on a new certificate is issued, but with a rate limit of 5 per week there is not much room for “error”.
So the thing is that 5 is not much, and it could happen rather quickly that a small mistake results in losing the last generated certificates (as the docker container is removed without having it committed after first start), meaning it is no longer possible to get a LE certificate for the next week for that host.
So my question is: am I using this the correct way? Is there maybe some kind of caching/proxy service that exists that we should be using?