How to do Round Robin on cert_issuer?

Hi,

Sometimes, we have many requests for new certificates, and we get the rate limit very fast.
Today we’re working like this:

        cert_issuer acme https://dv.acme-v02.api.pki.goog/directory {
                eab key key
        }
        cert_issuer acme https://acme-v02.api.letsencrypt.org/directory
        cert_issuer acme https://api.buypass.com/acme/directory
        cert_issuer acme https://acme.zerossl.com/v2/DV90 {
                eab key key
        }

Today the ACME is working one by one in the order of the list. I wanted it to work in round robin so it will call a different ACME every time, so it will reduce the chance of a block.

Thanks

CertMagic recently added support for “issuer policies” – i.e. the ability to customize how an issuer is chosen; right now there’s “First” and “First Random” – there’s no round robin yet because that requires state and that’s more complicated, and there’s little evidence that it would be objectively more suitable than random in most cases.

I don’t think I’ve exposed these options in Caddy yet. I’m a little busy right now but it’s something that I could prioritize with a sufficient sponsorship.

By “many”, how many are you talking about? Curious to get some rough numbers so we better understand how Caddy is being used.

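To illustrate the reply's point that round robin needs state while "First" and "First Random" do not, here is a Go sketch added as an example; it is not code from CertMagic or Caddy. The function and type names are hypothetical, and the directory URLs are the ones from the Caddyfile in the question.

```go
package main

import (
	"fmt"
	"math/rand"
	"sync/atomic"
)

// Directory URLs copied from the Caddyfile in the question.
var issuers = []string{
	"https://dv.acme-v02.api.pki.goog/directory",
	"https://acme-v02.api.letsencrypt.org/directory",
	"https://api.buypass.com/acme/directory",
	"https://acme.zerossl.com/v2/DV90",
}

// firstOrder: always try issuers in list order (the behaviour the question describes).
func firstOrder(in []string) []string { return append([]string(nil), in...) }

// firstRandomOrder: shuffle a copy per request; nothing is remembered between requests.
func firstRandomOrder(in []string, r *rand.Rand) []string {
	out := append([]string(nil), in...)
	r.Shuffle(len(out), func(i, j int) { out[i], out[j] = out[j], out[i] })
	return out
}

// roundRobin (hypothetical) carries the state round robin needs: a counter shared by
// all requests. This counter lives in memory only, so it resets on restart and is
// not shared between instances of a cluster.
type roundRobin struct{ next uint64 }

// order rotates the list so each request starts at the next issuer;
// the remaining issuers stay in the result as fallbacks.
func (rr *roundRobin) order(in []string) []string {
	start := int((atomic.AddUint64(&rr.next, 1) - 1) % uint64(len(in)))
	out := make([]string, 0, len(in))
	out = append(out, in[start:]...)
	return append(out, in[:start]...)
}

func main() {
	rr := &roundRobin{}
	r := rand.New(rand.NewSource(1)) // fixed seed so runs are repeatable
	for i := 0; i < 5; i++ {
		fmt.Println("first:       ", firstOrder(issuers)[0])
		fmt.Println("first random:", firstRandomOrder(issuers, r)[0])
		fmt.Println("round robin: ", rr.order(issuers)[0])
	}
}
```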