Many Domains with Redirection Only


#1

I have a unique use case I’d like some opinions on. I work for a large company that has collected several thousand domain names over the years. Most of those domain names are set up on a common web server that simply redirects the user to a different domain name where a real website exists. We would like to provide TLS certs on all of those domain names.

The idea is to run an Apache setup with a vhost per domain that does the necessary redirects, and have certbot manage LetsEncrypt certificates for those domains.

My concerns are:

  1. What do you think of that setup?
  2. If I wanted some kind of redundancy on the redirect web server, how is that typically managed with LetsEncrypt certs? Shared volume to store the certs and only 1 server running the certbot process?

I’m also open to any other suggestions to try and solve this problem.

Thanks

Peter


#2

Hi @garnerp

You can add one certificate per vHost. So create one certificate per domain with www + non-www and add this.

The only limitation: one account can create 300 orders in 3 hours.

For users of the ACME v2 API you can create a maximum of 300 New Orders per account per 3 hours.

So perhaps split it. Max. 200 new certificates per day, then a later renew should work.


#3

If there is essentially no difference in the redirections [between domain1.com and domain2.com], then they can be in the same vhost and in the same cert:
ServerName so.many.domains
ServerAlias domain1.com www.domain1.com
ServerAlias domain2.com www.domain2.com

ServerAlias domain49.com www.domain49.com

This would greatly reduce the number of required, and managed, vhosts and certs.
Note: One LE cert can hold 100 names maximum.
So, if each domain will be using root and www.root, then you could at most put 50 domains in one cert.
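
The grouping described in the post above, as an added example that is not part of the original thread: it splits a domain list into certificates of at most 100 names (root plus www), then produces the Apache directives and a certbot argument list for each group. The cert names (`redirects-NNN`), the redirect target and the sample domains are assumptions, and unlike the post it uses the first domain of each group as `ServerName`.

```python
"""Group redirect-only domains into multi-name certificates (added example)."""

MAX_NAMES_PER_CERT = 100   # limit stated in the thread
NAMES_PER_DOMAIN = 2       # root + www


def normalize(domains):
    """Lower-case, trim, strip a leading www., drop blanks and duplicates."""
    seen, out = set(), []
    for d in domains:
        d = d.strip().lower().rstrip(".")
        if d.startswith("www."):
            d = d[4:]
        if d and d not in seen:
            seen.add(d)
            out.append(d)
    return out


def batch(domains, max_names=MAX_NAMES_PER_CERT):
    """Return lists of names (root + www per domain), each within max_names."""
    per_cert = max_names // NAMES_PER_DOMAIN
    roots = normalize(domains)
    groups = []
    for i in range(0, len(roots), per_cert):
        names = []
        for root in roots[i:i + per_cert]:
            names += [root, "www." + root]
        groups.append(names)
    return groups


def vhost(names, target):
    """Directives for inside one VirtualHost block; target is an assumption."""
    lines = ["    ServerName " + names[0]]
    lines += ["    ServerAlias " + n for n in names[1:]]
    lines.append("    Redirect permanent / https://%s/" % target)
    return "\n".join(lines)


def certbot_args(index, names):
    """Argument list for one certificate; the cert name is a hypothetical label."""
    return ["certbot", "certonly", "--apache",
            "--cert-name", "redirects-%03d" % index, "-d", ",".join(names)]


if __name__ == "__main__":
    sample = ["domain%d.com" % n for n in range(1, 121)]  # constructed input
    for i, names in enumerate(batch(sample), 1):
        print(" ".join(certbot_args(i, names)))
```

With 50 domains per certificate, several thousand domains come to well under the 300 new orders per 3 hours mentioned earlier in the thread.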


#4

Would you suggest that each certificate get added by running certbot manually, and then let the auto renew take over from there?

How about if I wanted to load balance the Apache server that holds the certs for redundancy purposes? I can’t seem to find a good tutorial that does this.