I have a SaaS company. I am handling around 1800 domains with nginx and certbot, but the number of domains is growing and is complicated to manage because certbot sometimes fails and gets stuck.
I really want to migrate to Caddy but don’t know how to do it without downtime for my users.
What’s your DNS provider for these domains? If the provider is supported by Caddy for DNS challenges, you can set up Caddy well in advance and have it fetch all the certificates it’ll need before ever routing traffic to it. Once it’s done, start routing and/or change DNS to point to Caddy and you’ll be away.
Otherwise you’ll definitely need to do this in a staggered manner if you want zero downtime.
The idea would be to set Caddy up in On-Demand TLS mode, and then - in batches of 300 or fewer every 3 hours - change the DNS of all those websites over to Caddy, which will fetch the certificate on the first incoming request for a given site.
1. Start Caddy with all the sites configured with On-Demand TLS
2. Change 300 domains’ DNS records to point to the Caddy server
3. Make a request to each one to ensure Caddy fetches the certificates
4. Monitor the Caddy output as you go to resolve any problems as they occur
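The staggered procedure above, as an added helper script that is not part of the original thread or the Caddy project. It assumes a Caddyfile with the global option `on_demand_tls { ask http://127.0.0.1:5555/check }` and a catch-all site block `https:// { tls { on_demand } ... }`, an allowlist file with one hostname per line, and the hypothetical `ask` endpoint and port 5555 served by `serve_ask()`. The `ask` endpoint matters: without it, any host whose DNS happens to point at the server would make Caddy attempt issuance, so only domains you actually own should be answered with 200. The batch size of 300 and the 3-hour pause mirror the answer's rate-limit advice.

```python
"""Batch migration helper for Caddy On-Demand TLS (added example, not project code).

Assumed Caddyfile (not included here):
    {
        on_demand_tls { ask http://127.0.0.1:5555/check }
    }
    https:// {
        tls { on_demand }
        reverse_proxy backend:8080
    }
Caddy calls GET /check?domain=<sni-name>; a 2xx reply permits issuance.
"""
import http.server
import socket
import ssl
import time
from urllib.parse import parse_qs, urlparse

BATCH_SIZE = 300              # per the answer: 300 or fewer domains per batch
BATCH_INTERVAL_S = 3 * 3600   # per the answer: wait 3 hours between batches


def load_allowlist(text):
    """Parse one hostname per line; blank lines and '#' comments are ignored."""
    hosts = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            hosts.add(line)
    return hosts


def should_issue(name, allowlist):
    """Decide whether Caddy may obtain a certificate for `name` (exact match only)."""
    name = name.strip().lower().rstrip(".")
    if not name or "*" in name or "/" in name:
        return False
    return name in allowlist


class AskHandler(http.server.BaseHTTPRequestHandler):
    """Hypothetical `ask` endpoint: 200 for allowlisted hosts, 404 otherwise."""
    allowlist = frozenset()

    def do_GET(self):
        url = urlparse(self.path)
        domain = parse_qs(url.query).get("domain", [""])[0]
        if url.path == "/check" and should_issue(domain, self.allowlist):
            self.send_response(200)
        else:
            self.send_response(404)   # Caddy refuses issuance on any non-2xx
        self.end_headers()


def serve_ask(allowlist, host="127.0.0.1", port=5555):
    """Run the allowlist endpoint Caddy queries before each new certificate."""
    AskHandler.allowlist = frozenset(allowlist)
    http.server.ThreadingHTTPServer((host, port), AskHandler).serve_forever()


def batches(items, size=BATCH_SIZE):
    """Split the domain list into consecutive batches of at most `size`."""
    items = list(items)
    return [items[i:i + size] for i in range(0, len(items), size)]


def probe_tls(host, port=443, timeout=60):
    """One TLS handshake with SNI triggers issuance; the chain is verified afterwards."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
        return True, cert.get("notAfter", "")
    except (OSError, ssl.SSLError) as exc:
        return False, str(exc)


def warm_batch(batch, probe=probe_tls):
    """Request every host once; return {host: error} for those that failed."""
    failures = {}
    for host in batch:
        ok, detail = probe(host)
        if not ok:
            failures[host] = detail
    return failures


def migrate(domains, probe=probe_tls, size=BATCH_SIZE,
            interval=BATCH_INTERVAL_S, sleep=time.sleep):
    """Warm each batch (after its DNS is switched), pause, and collect failures."""
    all_failures = {}
    groups = batches(domains, size)
    for i, group in enumerate(groups, 1):
        print(f"batch {i}/{len(groups)}: {len(group)} hosts")
        all_failures.update(warm_batch(group, probe))
        if i < len(groups):
            sleep(interval)
    return all_failures


if __name__ == "__main__":
    import sys
    with open(sys.argv[2]) as fh:
        names = load_allowlist(fh.read())
    if sys.argv[1] == "ask":          # python migrate.py ask domains.txt
        serve_ask(names)
    else:                             # python migrate.py migrate domains.txt
        for host, err in migrate(sorted(names)).items():
            print(f"FAILED {host}: {err}")
```

Run the `ask` mode alongside Caddy before changing any DNS, then switch a batch's records and run `migrate` for that batch; hosts listed as `FAILED` are the ones to check against Caddy's logs as the answer suggests.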