My main question boils down to: How can we get SSL certifications for > 100 domains?
Sub-question: Can we have multiple active certificates on a site at the same time?
I've found that it's easy enough to get the new certificates from LetsEncrypt using multiple domains + the alias feature, though I saw there was a 100 name per certificate limit for LetsEncrypt.
Forge also seems to have a limit of 1 active certificate at a time - so how would I handle having 101+ domains with ssl?
The only way I know is using a load balancer that handles the SSL stuff and then sends you back to the server(s) behind it. For example, AWS offers Elastic Load Balancing where you can add multiple certificates that all point to the same server. Note that you need to have a real certificate to make this work most of the time; LetsEncrypt is a bit harder for this solution (AFAIK, but I'm not an expert).
In theory, you can also do this in Forge, but you have to manually update the nginx file and retrieve the LetsEncrypt certificates yourself. Forge isn't really built for this and focuses more on the 90% use cases that work for most server setups ;)
@shawnyv where does it say that LE has a limit of 100?
As far as I know you can get a cert for each domain without server limits, but I may be wrong ;)
The 100 limit is for using the SAME certificate for multiple sub-domains. You may also have 50 certificates per domain as well. That means you can have 5000 subdomains with certificates for a domain.
@shawnyv I don't think there is a limit if you have completely different domains (as these are not subdomains).
@bobbybouwmann - thanks for the heads up on that - hadn't looked into the load balancer route.
@sinnbeck - Thanks for the clarification on different domains (only one I can think of there is their 50 certificate issuances/week limit). But any thoughts on how to make those multiple certificates play nicely with Forge?
I.e., if I have 50 certificates with 100 domains (so 5k domains), how do I "activate" those 50 certificates in Forge to keep everything running smoothly across all the domains?
Alternate question - if I can't do that within Forge (as this isn't in the 90% cases, which I definitely get), then are there any sites / tutorials / guides you can point me towards to help me implement this without the use of Forge magic? (Preferably of the step-by-step variety, since a lot of this seems like magic to me, haha)
I have been looking into this too. One bastard way to get started as I see it, is to provision a server as load balancer in Forge in front of your application server. For each new domain you have to add it as a site on the load balancer server which also takes care of LE. It's not exactly the way it's intended but it seems to work.
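As an added example (not code from any poster in this thread or from Forge), here is one way to plan the manual route mentioned above: split the domain list into certificates of at most 100 names and emit one nginx `server` block per certificate, which nginx selects by the SNI name the client sends. The certificate names (`batch-NNN`), the webroot path, the upstream address and the `.example` domains are assumptions made for illustration.

```python
import re
MAX_NAMES = 100  # per-certificate name limit quoted in the thread
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def batch_domains(domains, size=MAX_NAMES):
    """Normalise, validate (names land in a command line and an nginx file),
    de-duplicate, then split into groups of at most `size` names."""
    seen, ordered = set(), []
    for raw in domains:
        name = raw.strip().lower().rstrip(".")
        if not HOSTNAME.match(name):
            raise ValueError(f"not a plain hostname: {raw!r}")
        if name not in seen:
            seen.add(name)
            ordered.append(name)
    return [ordered[i:i + size] for i in range(0, len(ordered), size)]

def certbot_args(cert_name, names, webroot="/var/www/acme"):
    """Argument list for one certificate (webroot path is an assumption)."""
    args = ["certbot", "certonly", "--webroot", "-w", webroot, "--cert-name", cert_name]
    for name in names:
        args += ["-d", name]
    return args

def nginx_server_block(cert_name, names, upstream="http://127.0.0.1:8080"):
    """One TLS server block per certificate; nginx selects it by SNI name."""
    live = f"/etc/letsencrypt/live/{cert_name}"  # certbot's default layout
    return "\n".join([
        "server {",
        "    listen 443 ssl;",
        f"    server_name {' '.join(names)};",
        f"    ssl_certificate     {live}/fullchain.pem;",
        f"    ssl_certificate_key {live}/privkey.pem;",
        "    location / {",
        f"        proxy_pass {upstream};",
        "        proxy_set_header Host $host;",
        "    }",
        "}",
    ])

def plan(domains, prefix="batch"):
    result = []
    for i, names in enumerate(batch_domains(domains), start=1):
        cert = f"{prefix}-{i:03d}"
        result.append((cert, certbot_args(cert, names), nginx_server_block(cert, names)))
    return result

if __name__ == "__main__":  # constructed sample: 251 hypothetical domains
    for cert, args, _ in plan(f"customer{i}.example" for i in range(1, 252)):
        print(cert, args.count("-d"), "names")
```

Each tuple from `plan()` gives the certificate name, the certbot argument list to run for that batch, and the nginx block to write into its own file before reloading nginx.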