[SaaS company] Migrate from Nginx to Caddy for ~1800 domains without downtime

Florent_CLAPIE · December 2, 2019, 11:55am

Hi guys,

I have a SaaS company, I am handling around 1800 domains with nginx and certbot, but the number of domain is growing and complicated to manage because certbot is failling sometimes and get stuck.

I really want to migrate to Caddy but don’t know how to do without downtime for my users.

There is a similar topic here : Migration to Caddy with Auto SSL from Nginx but it was for a smaller number of domains.

We did hit a rate limit of a maximum of 300 New Orders per account per 3 hours but after 3 hours the remaining certificates were generated.

It’s going to take too much time for our case, I would like to avoid it. What’s the beest way to manage hit? Maybe reusing previous certificates?

Best regards and thanks for your help,

Florent

Whitestrake · December 2, 2019, 1:37pm

Hi @Florent_CLAPIE, welcome to the Caddy community!

What’s your DNS provider for these domains? If the provider is supported by Caddy for DNS challenges, you can set up Caddy well in advance and have it fetch all the certificates it’ll need before ever routing traffic to it. Once it’s done, start routing and/or change DNS to point to Caddy and you’ll be away.

Otherwise you’ll definitely need to do this in a staggered manner if you want zero downtime.

Florent_CLAPIE · December 2, 2019, 1:47pm

Hi @Whitestrake, thanks for your answer.

It’s customers domain and there is several DNS providers, I don’t have access to them.

Otherwise you’ll definitely need to do this in a staggered manner if you want zero downtime

Can you explain more? How can I do it in a staggered manner?

Best,

Whitestrake · December 2, 2019, 1:49pm

The idea would be to set Caddy up in On-Demand TLS mode, and then - in batches of 300 or less every 3 hours - change the DNS of all those websites over to Caddy, which will fetch the certificate on the first incoming request for a given site.

Start Caddy with all the sites configured with On-Demand TLS
Change 300 domains’ DNS records to point to the Caddy server
Make a request to each one to ensure Caddy fetches the certificates
Monitor the Caddy output as you go to resolve any problems as they occur
Do another 300 domains in 3 hours’ time

system · May 30, 2020, 11:55am

This topic was automatically closed after 180 days. New replies are no longer allowed.