Hi folks. I’m looking to start using Caddy in our environment to enable us to switch all our customers’ custom domains over to SSL, without using 1000s of IP addresses and updating all those certificates (!)
So my plan is to have our existing Cisco load balancer offloading the majority of our heavy SSL due to the dedicated hardware it contains to help with that, and then load-balance all the other traffic to two Caddy servers. These in turn will be set up as transparent proxy servers to our Varnish cache servers, which also do all sorts of crazy logic to work out what backend servers to send traffic to.
So, to cut a long story short, would I have to replicate the certificates to each node? Otherwise, the first time a node sees a domain, it will try and fetch a new cert from LetsEncrypt, right? What will LE do if they get at least 2 requests for each cert?
Can I even just replicate the files in /opt/caddy/ssl/acme/acme-v01.api.letsencrypt.org/sites/ to each node?
Thanks folks, Caddy could go a long way towards solving a LOT of our problems.
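An added check, not code from the original post or from the Caddy project, that is worth running after replicating the sites/ directory between nodes: it fingerprints every domain's certificate on each node and reports domains where the nodes hold different certs or one node has none yet. It assumes the Caddy 0.x layout sites/<domain>/<domain>.crt under the path quoted in the post, and the sample it builds uses constructed PEM blobs rather than real certificates.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def fingerprint_pem(pem_text: str) -> str:
    """SHA-256 hex fingerprint of the first certificate block in a PEM file."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode("".join(m.group(1).split()))
    return hashlib.sha256(der).hexdigest()

def site_fingerprints(sites_dir: Path) -> dict:
    """Assumed Caddy 0.x layout: sites/<domain>/<domain>.crt -> {domain: fingerprint}."""
    out = {}
    for site in sorted(p for p in sites_dir.iterdir() if p.is_dir()):
        crt = site / f"{site.name}.crt"
        if crt.is_file():  # a node that never served the domain has no cert yet
            out[site.name] = fingerprint_pem(crt.read_text())
    return out

def compare_nodes(node_dirs: dict) -> dict:
    """{domain: {node: fingerprint or None}} for domains where the nodes disagree."""
    per_node = {n: site_fingerprints(Path(d)) for n, d in node_dirs.items()}
    drift = {}
    for dom in sorted(set().union(*per_node.values())):
        seen = {n: fps.get(dom) for n, fps in per_node.items()}
        if len(set(seen.values())) > 1:
            drift[dom] = seen
    return drift

def build_demo() -> dict:
    """Constructed sample: node-b holds a different example.com cert and lacks shop.example.net."""
    root = Path(tempfile.mkdtemp())
    layout = {"node-a": {"example.com": b"cert-v1", "shop.example.net": b"cert-shop"},
              "node-b": {"example.com": b"cert-v2"}}
    for node, sites in layout.items():
        for dom, payload in sites.items():
            d = root / node / "sites" / dom
            d.mkdir(parents=True)
            pem = base64.b64encode(payload).decode()  # constructed blob, NOT a real cert
            (d / f"{dom}.crt").write_text(f"-----BEGIN CERTIFICATE-----\n{pem}\n-----END CERTIFICATE-----\n")
    return compare_nodes({n: root / n / "sites" for n in layout})
```

Point compare_nodes() at the real sites/ directories (for example mounted or rsynced copies from each node) and an empty result means every node holds the same certificate for every domain.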