Is anyone aware of existing software or libraries that are designed to help build large-scale Let’s Encrypt integrations?
I built a custom implementation for my employer, which handles issuance for hundreds of thousands of domains. I imagine that other SaaS and hosting providers have built similar systems.
It’s a shame that we’re all building systems like this from scratch. I imagine that our systems are pretty similar. It would be great if there was some software that providers could build upon, which was designed for extensibility.
I’m imagining something that would:
- Provide an API where you could give it a list of domains that need certificates.
- Manage the issuance and renewal of certificates.
- Allow domains to be assigned to a group, so that they can be issued on a single certificate.
- Intelligently batch domains in a group to minimize the number of certificates, if desired.
- Have the ability to mark private keys as compromised, and automate the revocation and replacement of affected certificates.
I’m considering building something like this, but I’d rather contribute to an existing system if something already exists.
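A sketch of the planning step behind the batching and key-compromise items in the list above, added here as an example; it is not code from the post or from any existing project. The `Cert` record, `plan` function, 30-day renewal window and sample data are assumptions; the 100-name cap is Let's Encrypt's limit on names per certificate.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from itertools import islice

MAX_NAMES = 100                     # Let's Encrypt cap on names per certificate
RENEW_BEFORE = timedelta(days=30)   # assumed renewal window

@dataclass(frozen=True)
class Cert:                         # hypothetical inventory record
    serial: str
    key_id: str
    names: frozenset
    not_after: date

def batch(domains, size=MAX_NAMES):
    """Split one group's domains into the fewest certificates of <= size names."""
    it = iter(sorted(set(domains)))
    while chunk := list(islice(it, size)):
        yield frozenset(chunk)

def plan(groups, inventory, compromised_keys, today):
    """Return (revoke, issue). Replacements must be issued on fresh keys,
    and deployed before the old certificates are revoked."""
    revoke = [c for c in inventory if c.key_id in compromised_keys]
    usable = [c for c in inventory
              if c.key_id not in compromised_keys
              and c.not_after - today > RENEW_BEFORE]
    covered = set().union(*(c.names for c in usable))
    issue = []
    for group, domains in sorted(groups.items()):
        missing = set(domains) - covered      # uncovered, expiring or compromised
        issue.extend((group, names) for names in batch(missing))
    return revoke, issue

def sample():
    """Constructed data: 250 names in one group, 2 in another."""
    a = [f"site{i:03d}.a.example" for i in range(250)]
    groups = {"customer-a": a, "customer-b": ["b.example", "www.b.example"]}
    inv = [
        Cert("01", "k1", frozenset(groups["customer-b"]), date(2024, 3, 1)),
        Cert("02", "k2", frozenset(a[:100]), date(2024, 3, 1)),      # key leaked
        Cert("03", "k3", frozenset(a[100:200]), date(2024, 1, 10)),  # expiring
    ]
    return groups, inv, {"k2"}, date(2024, 1, 1)

if __name__ == "__main__":
    revoke, issue = plan(*sample())
    print([c.serial for c in revoke], [(g, len(n)) for g, n in issue])
```
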