(sorry if this is a long post… not sure how to make it more concise)
I am the current principal developer/maintainer of a content management system that produces free websites from content for over 11,483 non-profit Toastmasters public speaking clubs (& districts) worldwide–the system is built w/ free/open source tools. Clubs enter content via a forms interface and the system turns the content into a website (on the fly) using a custom website template that incorporates Toastmasters-specific functionality. We (the system maintainers) have finally reached the point where we needed to take action to implement HTTPS and we obtained a wildcard cert for our main domain, toastmastersclubs.org.
However, there is a catch… the system actually works with 3 categories of domains, 2 of which we control, and a third that we really do not:
1. We control *.toastmastersclubs.org (each of the 11426 subdomains maps to a TM club… we have this covered now w/ a wildcard cert.)
2. We control *.toastmastersdistricts.org (each of the 57 subdomains maps to a TM district… no cert for this yet)
3. We do not control the custom domain names (current count = 957) that clubs may optionally acquire on their own and map to our server’s IP address via DNS for navigation and email. These exist in addition to the subdomains the server sets up for them per #1 and #2 above.
All of these map to the same server IP address. The server determines which content to show in the template from a lookup of the subdomain or custom domain name in the MySQL database. We have SSH/FTP access to the AWS server for setting up scenarios #1 and #2 above… no problem. However, we are unsure how to address category #3.
Clubs have to have access to their DNS settings per their registrar where they register their custom domain name. Perhaps we could somehow facilitate them getting a cert via LE that they could insert in their DNS record? (Only the system maintainers have server access–I am one of them.)
Can you help me understand how LE could help us get HTTPS set up for all our associated domains??? Not sure that Let’s Encrypt can handle all this and how we would make it easy to use for clubs w/ custom domains.
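
An added example, not part of the original post: a Python sketch of how the three domain categories described above map onto certificates, using the rule that a wildcard name matches exactly one left-most label. The hostnames are constructed samples and the function names are hypothetical.

```python
# Added example; hostnames are constructed samples, function names are hypothetical.
WILDCARD_ZONES = ("toastmastersclubs.org", "toastmastersdistricts.org")


def normalize(host):
    """Lower-case and drop any port or trailing dot a Host header may carry."""
    return host.strip().lower().split(":")[0].rstrip(".")


def wildcard_covers(zone, host):
    """True if '*.zone' matches host: exactly one extra label on the left."""
    suffix = "." + zone
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]
    return bool(label) and "." not in label


def plan_coverage(hosts):
    """Group hosts by the kind of certificate name that would have to serve them."""
    plan = {"wildcard": {}, "uncovered_in_zone": [], "own_cert": []}
    for raw in hosts:
        host = normalize(raw)
        for zone in WILDCARD_ZONES:
            if wildcard_covers(zone, host):
                plan["wildcard"].setdefault("*." + zone, []).append(host)
                break
            if host == zone or host.endswith("." + zone):
                # Apex or deeper subdomain: the wildcard does not match it.
                plan["uncovered_in_zone"].append(host)
                break
        else:
            # Category 3: custom domain, must be named on a certificate itself.
            plan["own_cert"].append(host)
    return plan


SAMPLE_HOSTS = [
    "example-club.toastmastersclubs.org",
    "WWW.example-club.toastmastersclubs.org",
    "toastmastersclubs.org",
    "d99.toastmastersdistricts.org:443",
    "www.exampleclub.example",
    "exampleclub.example.",
]

if __name__ == "__main__":
    for kind, names in plan_coverage(SAMPLE_HOSTS).items():
        print(kind, names)
```

Every name that lands in `uncovered_in_zone` or `own_cert` has to be listed explicitly on a certificate, including the `www` and bare forms of a custom domain separately.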