In my current environment I run Caddy as containers in a Docker Swarm with load balancing (Docker Swarm load-balances requests across several instances of Caddy). As a container's storage is ephemeral, I can't leave the /root/.caddy directory inside it, or else Caddy would have to reissue certificates every time the container is restarted.
What I do is mount /root/.caddy to a directory on the host, which is already shared by multiple containers (2 per host). To make things worse, this directory is actually an NFS mount which is shared with 3 other hosts. So I have a /root/.caddy directory which is shared by 6 running Caddy servers. My question is basically: what could go wrong?
If one certificate is near its expiration date, one of the Caddy instances will renew it first. Will the others notice that the file changed and reload the certificate, or will every Caddy instance also renew it and overwrite the file?
If I start all 6 at the same time and they start issuing certificates for a new domain I added, will all of them issue the same certificate, one over the other? How often are those certs loaded from disk?
And another semi-unrelated question: can the initial issuance of certificates run in parallel instead of serially for each domain? I have a lot of domains, and it takes some time.
Thanks!