paurullan  March 22, 2017, 8:47am  #1

I am trying to proxy around 600 domains so I need to combine them in blocks of SSL certificates.
If you have a lot of subdomains, you may want to combine them into a single certificate, up to a limit of 100 Names per Certificate.
 
As clearly stated in here:

> I believe if you have multiple subdomains in your Caddyfile, Caddy will try to get a certificate for each one. For each server, you’ll need to remove the subdomains it can’t serve from the Caddyfile (or otherwise disable automatic HTTPS for these subdomains).
> Alternately, using DNS validation you could bypass the requirement for the domain to be pointed at the actual server in question and have each server get its own set of certificates for the same set of subdomains. I don’t otherwise see how…

and in my tests Caddy fetches a certificate for every domain.
Is there any way to aggregate multiple domains in the same certificate?
If it is needed, at our shop we are programmers and know Golang, so if we got any hint on where to expand this feature we could do it ourselves.

matt  March 22, 2017, 2:25pm  #2

Caddy does not manage SAN certificates, but there are tools to help you do this: lego (go-acme/lego, a Let's Encrypt client and ACME library written in Go) can put 100 names on a certificate for you. Then you can give Caddy those certs with the tls directive; see the load subdirective.
UPDATE: (Since a lot of people are apparently finding this post…) Caddy does not have any need for SAN certificates. You will not hit Let’s Encrypt rate limits unless they are all subdomains; and if that is the case, you can have Caddy manage a single wildcard certificate instead.

paurullan  March 22, 2017, 2:47pm  #3

Great, thank you. I looked into Caddy’s code and saw lego as a dependency so I can expand from there.
https://github.com/mholt/caddy/blob/master/caddytls/tls.go#L23
https://caddyserver.com/docs/tls
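
The batching step this thread implies, as an added example that is not code from the posters, Caddy or lego: it normalizes and de-duplicates a host list, then splits it into groups of at most 100 names, each of which would be one SAN certificate request to an ACME client. `PlanSANBatches`, `reverseLabels` and the sample hostnames are hypothetical names chosen for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

const maxNames = 100 // Let's Encrypt "Names per Certificate" limit quoted in the thread

// reverseLabels maps "www.example.com" to "com.example.www" so sorting groups names by parent domain.
func reverseLabels(name string) string {
	l := strings.Split(name, ".")
	for i, j := 0, len(l)-1; i < j; i, j = i+1, j-1 {
		l[i], l[j] = l[j], l[i]
	}
	return strings.Join(l, ".")
}

// PlanSANBatches (hypothetical helper) normalizes and de-duplicates hostnames, then splits
// them into groups of at most maxNames, one group per certificate request.
func PlanSANBatches(names []string) ([][]string, error) {
	seen := map[string]bool{}
	var uniq []string
	for _, n := range names {
		n = strings.TrimSuffix(strings.ToLower(strings.TrimSpace(n)), ".")
		if !strings.Contains(n, ".") || strings.ContainsAny(n, " /:") {
			return nil, fmt.Errorf("not a usable hostname: %q", n)
		}
		if !seen[n] {
			seen[n] = true
			uniq = append(uniq, n)
		}
	}
	sort.Slice(uniq, func(i, j int) bool { return reverseLabels(uniq[i]) < reverseLabels(uniq[j]) })
	var batches [][]string
	for len(uniq) > maxNames {
		batches = append(batches, uniq[:maxNames])
		uniq = uniq[maxNames:]
	}
	if len(uniq) > 0 {
		batches = append(batches, uniq)
	}
	return batches, nil
}

func main() {
	// Constructed sample input (hypothetical hostnames), with one duplicate in different case.
	fmt.Println(PlanSANBatches([]string{"Shop.Example.com", "shop.example.com.", "api.example.org"}))
}
```

Sorting by reversed labels keeps hosts under the same parent domain on the same certificate where the limit allows, which makes the resulting files easier to map back to sites when loading them into Caddy.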