Certificate reusement


(Dexafree) #1

Hi everyone.

I’ve been a caddy fan for a year or so, and what I liked the most was that just by using it, you get LetsEncrypt certificate management for free (initially I was using NGINX and acme tools, but it lacked the automation I wanted on that sort of stuff).

Recently I’ve hit the maximum number of certificates issued, and reading the LetsEncrypt rate limits page, I found this:

If you have a lot of subdomains, you may want to combine them into a single certificate, up to a limit of 100 Names per Certificate.

I mostly use subdomains, and after reading this, I’m thinking about having 1 domain per certificate and reusing it across subdomains.
My question is: Can Caddy manage that automatically? Or would I need to request a certificate manually and then make caddy use it with the tls directive?

Thanks!


(Matthew Fay) #2

The latter, unfortunately. While the upstream ACME library does support requesting SAN certificates (up to 100 alternate names per certificate, if I remember correctly), Caddy doesn’t use them, instead requisitioning a single certificate per site label.

Also, LetsEncrypt won’t be supporting wildcards until January 2018.

On LetsEncrypt’s rate limit info page, they mention an exemption request form you can fill out if you meet certain large certificate volume requirements.


(system) #3

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.