It is definitely possible at a technical level to use one private key for many different certificates. Certbot supports this if you manually generate CSRs and pass them in with the
In general, though, we think it’s best to rotate private keys every time you generate a new certificate, and this strategy makes that harder, though I understand the bind you are in memory-wise.
One thing I would recommend: Before you spend time re-engineering around this, verify that using the same private key across certificates actually saves memory in openresty. It’s possible that it will keep a copy of the private key in memory for every certificate. This seems likely unless the authors have specifically optimized around this use case.