@Sebastian_Perez Thanks for filling out all the info, that’s very helpful. 
I know it’s tiring, but it makes the whole process a lot easier, and it balances our efforts with yours.
- Wildcard certificates should be used for lots of subdomains.
- On-Demand should be used for lots of registered domains that you don’t control.
- You can do both, but if you add your customer’s domains to your config with “host” matchers in the top-level route, then Caddy will manage them in the background rather than on-demand and you don’t need on-demand.
- You shouldn’t add your customer’s domains to your config file if you do not know that their DNS is set up properly yet.
Are you adding a route to your config for every customer’s site? If so, you don’t need on-demand at all, but you do need to make sure their DNS is configured properly before asking Caddy to handle it. With on-demand that’s not really an issue because usually once clients start resolving the domain name to your server, it means their DNS is finally set up and the ACME CA will also resolve their domain to your server.