Hi, I am not sure if this is the right section for my questions, if not please feel free to move the topic to the proper section.
I am working for a big hoster (open-xchange.com) and we are currently thinking about allowing our customers to use Let's Encrypt directly from our web panel and also for some potential upcoming big migrations (For example we will need to enroll about ~500000 domains in 3 months).
I read the integration guide and the rate limit pages, and some of the posts in this same page and I have some questions about how to maximize the throughput of requests, so that a migration like the one above could succeed in time.
1.- The integration guide recommends to use a single account (and of course to not issue requests for new orders before they can succeed), I checked the form to increase the rate limit for the number of open orders and the maximum value seems to be 10000+ (I guess this means 10k + perhaps more based on the available resources on the let's encrypt side):
a) How hard would it to be to get one of those rate limit increases for our account? I am thinking about increasing the maximum of 300 new orders per 3 hours for example, but perhaps we will also need to raise the other limits.
b) Do we need to go over the threshold first before requesting a rate increase for any of the limits?
c) Would it be recommend to have more than one account/multiple rate limit increase requests for this use case? or is it better to only stick to one account?. I am aware that there is a rate limit per IP address for new accounts, but perhaps we could prepare a bunch of accounts and get them ready for that kind of migration.
2.- I read that you guys are implementing some sort of service on your side that would actually issue the requests to our systems when it is the time for the renewal of a certificate, Is there any current date for this service to go live?.
3.- In terms of software is there any recommendation for any particular existing software that could handle that number of certificates? We are trying to host the maximum number of services in Kubernetes, but I wonder if for example cert-manager would be able to deal with so many requests, or if we would need to write our own client.
Thanks in advance for your recommendations.