So, for such a high-volume use of Caddy, I’d recommend our support package for situations like this: https://caddyserver.com/products/support - we can help you get transitioned over with minimal or no downtime.
But one question, what do you expect to do for the domains that fail to validate? They’ll need a certificate in order to serve successfully, or you’ll have to disable TLS for them…
Lots of reasons. Usually it’s when the domain’s DNS is not properly configured, or there is a firewall blocking external connections, or the DNS provider or server is having a hiccup.
It’s hardly ever an issue on Let’s Encrypt’s side, to be frank. That does happen of course, but it’s quite rare compared to how many validations succeed. And once in a long while we see intermediate networks that happen to be blocking or redirecting traffic between the CA’s endpoints and the subject’s servers, but I’ve only seen that happen myself a couple of times.
The Caddy log output will tell you the reason that the validation failed.
Let me know if you want us to get you set up on our support package!
Do you mean the “Extended” support package? We already have the BASIC one. Anyway, it will be great to understand what you guys can do and for what price. Feel free to send me that