New to LE and still working out some thoughts and ideas, hoping to get a little help and guidance.
I have a domain, example.com
I have about 20 servers/services, all located at the same site on one (dynamic) IP and one A-record subdomain. (There are a few CNAME subdomains pointing to that A record, but these are the exception, not the norm.)
All the various servers/services at this location are behind NAT and accessed on specific ports (http://office.example.com:12345).
It’s actually about 12-14 VMs (mixed Win/Linux), some of which host more than one service/web server (RMM, inventory scanning, NMS, UniFi controller, NAS/file server, etc.).
For completeness, there are also a handful of other services at other sites (a PBX, an offsite rsync target, a shared web hosting account at e.g. Vultr, OVH, etc.).
My question is with regards to issuing LE certs across all these machines. If I understand correctly, I need one cert for each server/service, as each is essentially its own web server.
Correct so far?
So first question: is it appropriate to use a wildcard cert for this (since there’s the A record and a couple of CNAMEs, all at the same IP address/site)?
Since I need a cert for each service, though, don’t I run into duplicate cert limits requesting it for each service/server?
Or is there another mechanism for this I’m not aware of yet?
I guess basically I’m asking: how do I get the certs spread around the various machines without manual intervention or hitting limits?