Hi, I hope this is the right place to ask this. I am about to start working on a SaaS project which will let users add custom domains to their accounts, so I will need to provide TLS certificates for these domains. I am using Kubernetes, so I was thinking that I could proceed this way:
1. user adds a custom domain
2. app first verifies that the custom domain is indeed pointing to the app (either DNS verification or by checking a unique URL)
3. if the domain has been verified successfully, the app then creates an ingress in Kubernetes
4. cert-manager automatically issues a Let’s Encrypt certificate for the new domain
Would this work with many certificates (if the app is successful as I hope), especially considering the limits? How do companies like Heroku - with tons of users and custom domains - handle this?
Hi, thanks for your reply. The app will by default give subdomains of the app domain, and for that I am going to use a wildcard certificate. The custom domains instead are unrelated to each other like in your first example. I understand that most limits are per domain, but I am worried that as I scale I might run into issues with failed registrations and things like that, even though my app will “keep an eye” on the custom domains making sure they always point to the app.
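The flow from the first post (verify the custom domain, then create the Ingress that cert-manager acts on), sketched as an added example that is not code from the thread or from any project it mentions. The `_app-verify` TXT record name, the CNAME target, the ClusterIssuer name, the service name and the injected `lookup` resolver are all assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Assumed values for illustration; none of these come from the thread.
APP_CNAME_TARGET = "ingress.app.example."
TOKEN_KEY = b"constructed-demo-key"
CLUSTER_ISSUER = "letsencrypt-prod"
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
    r"[a-z][a-z0-9-]{0,61}[a-z0-9]$")

def normalize(domain):
    """Lowercase and validate; rejects wildcards, IP literals and bare labels."""
    d = domain.strip().lower().rstrip(".")
    return d if HOSTNAME_RE.match(d) else None

def challenge_token(account_id, domain):
    """Token bound to one account and one domain, published by the user as TXT."""
    msg = f"{account_id}:{domain}".encode()
    return hmac.new(TOKEN_KEY, msg, hashlib.sha256).hexdigest()[:32]

def verify_domain(account_id, domain, lookup):
    """lookup(name, rtype) -> list of strings; a real resolver or a test stub."""
    expected = challenge_token(account_id, domain).encode()
    txt = lookup(f"_app-verify.{domain}", "TXT")
    owns = any(hmac.compare_digest(v.encode(), expected) for v in txt)
    points_here = APP_CNAME_TARGET in lookup(domain, "CNAME")
    return owns and points_here

def ingress_manifest(account_id, domain, lookup, service="web", port=80):
    """Return an Ingress dict for cert-manager, or None if verification fails."""
    d = normalize(domain)
    if d is None or not verify_domain(account_id, d, lookup):
        return None  # no Ingress, so no ACME order and no failed validation
    name = "custom-" + hashlib.sha256(d.encode()).hexdigest()[:16]
    backend = {"service": {"name": service, "port": {"number": port}}}
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "Ingress",
        "metadata": {"name": name,
                     "annotations": {"cert-manager.io/cluster-issuer": CLUSTER_ISSUER}},
        "spec": {
            "tls": [{"hosts": [d], "secretName": name + "-tls"}],
            "rules": [{"host": d, "http": {"paths": [
                {"path": "/", "pathType": "Prefix", "backend": backend}]}}],
        },
    }
```

Binding the token to the account keeps one tenant from claiming a domain another tenant has pointed at the app, and refusing to create the Ingress until both checks pass keeps unverified names from ever reaching the ACME issuer.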