Opened 16 months ago

Last modified 13 months ago

#32 new enhancement

Use SAN or wild card certificates with lets encrypt

Reported by: ejs Owned by: somebody
Priority: minor Milestone: The Hand Wavy Future
Component: infrastructure Keywords:
Cc:

Description

We're currently fine but lets encrypt rate limits us to 20 domains (services) per week https://letsencrypt.org/docs/rate-limits/ . If we handle times properly that could be stretched to about a hundred certs renewing over a month. It's probably simpler to move to either a SAN cert (100 domains per certificate) or a full wildcard.

Change History (1)

comment:1 Changed 13 months ago by mbooth

I added a wrapper script for calling certbot with a list of domains in order to generate SAN certs:

https://git.darkpeak.org/darkpeak/darkpeak-services.git/tree/roles/tls/files/darkpeak_certbot_wrapper

Note: See TracTickets for help on using tickets.