
Let's Encrypt at Scale - yarapavan
https://engineering.autotrader.co.uk/2018/09/04/letsencrypt-at-scale.html
======
CamTin
Another thing to think about with LE at scale, especially if you plan to renew
your certs around the same time (rather than staggering them), is to make sure
you don't run into rate-limiting problems. In fact, if you have a REALLY major
deployment (probably more than the 3,000 domains discussed here) you should
work directly with the LE team to make sure that their infra is ready for you
and to work out a reasonable rate of API usage between you. I know this was
the experience of at least one major web hosting provider when they began
offering automated LE certs for customer sites and the LE team was very
accommodating.
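An added example, not part of the comment above or of the linked article: one way to stagger renewals is to give each domain a stable, hash-derived slot inside the renewal window and check the resulting hourly load against a budget. The 30-day lead time, 10-day spread, hourly budget and sample domain names are all assumptions made for the illustration.

```python
import hashlib
from collections import Counter
from datetime import datetime, timedelta, timezone

# All three values are assumptions for illustration, not Let's Encrypt figures.
RENEW_BEFORE = timedelta(days=30)  # start renewing this long before expiry
SPREAD = timedelta(days=10)        # width of the window renewals are spread over
HOURLY_BUDGET = 50                 # order rate you have agreed is acceptable


def renewal_time(domain, not_after):
    """Stable per-domain slot in [not_after - 30d, not_after - 20d)."""
    digest = hashlib.sha256(domain.lower().encode("utf-8")).digest()
    offset = int.from_bytes(digest[:8], "big") % int(SPREAD.total_seconds())
    return not_after - RENEW_BEFORE + timedelta(seconds=offset)


def plan(expiries, stagger=True):
    """Return (schedule, peak renewals in one hour, hours over budget)."""
    schedule = {
        d: renewal_time(d, exp) if stagger else exp - RENEW_BEFORE
        for d, exp in expiries.items()
    }
    load = Counter(
        t.replace(minute=0, second=0, microsecond=0) for t in schedule.values()
    )
    over = {hour: n for hour, n in load.items() if n > HOURLY_BUDGET}
    return schedule, max(load.values()), over


# Constructed sample: 3,000 certificates issued together, so all expire together.
EXPIRY = datetime(2018, 12, 1, tzinfo=timezone.utc)
SAMPLE = {"site%d.example" % i: EXPIRY for i in range(3000)}

if __name__ == "__main__":
    for stagger in (False, True):
        _, peak, over = plan(SAMPLE, stagger)
        print("stagger=%s peak/hour=%d hours over budget=%d" % (stagger, peak, len(over)))
```

Because the slot depends only on the domain name, a domain keeps the same position in the window on every renewal cycle, so the load stays spread out without any shared state.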

------
yarapavan
Etsy solution, which inspired this post ->
[https://codeascraft.com/2017/01/31/how-etsy-manages-https-an...](https://codeascraft.com/2017/01/31/how-etsy-manages-https-and-ssl-certificates-for-custom-domains-on-pattern/)

------
moreentropy
I hope they donate to Let's Encrypt.

------
cm2187
Why don't they use DNS validation? It would seem to be easier. You can run the
certificate renewal process independently from your web stack and just need to
deploy the certificate at the end.

[edit]: Actually stupid question, these websites are for domains they don't
control.

------
simplyinfinity
Just an FYI for people that host other people's domains dynamically: there is
this OpenResty (nginx + Lua + other goodies) module that does this
automatically, and you can write a custom allow function to fetch "allowed"
domains from Redis storage + store the certs in Redis (for when you have
multiple OpenResty instances):
[https://github.com/GUI/lua-resty-auto-ssl](https://github.com/GUI/lua-resty-auto-ssl)

~~~
subway
This is currently how Help Scout deploys TLS certificates for Docs sites with
custom domains:
[https://www.helpscout.net/knowledge-base/](https://www.helpscout.net/knowledge-base/)

I think we're in the ballpark of 5000 domains right now.

------
tonyedgecombe
I wonder why Auto Trader needs 3,000 domains. Is this some kind of SEO tactic?

~~~
ABS
From the very first paragraph:

"we offer a product that allows customers to host a private website using this
stock, under their own domain. We wanted to provide HTTPS support to all of
these websites."

~~~
majewsky
Mobile-friendly version of this quote:

> we offer a product that allows customers to host a private website using
> this stock, under their own domain. We wanted to provide HTTPS support to
> all of these websites.

Please do not use codeblocks for quotes. Just put a > in front of each
paragraph.

~~~
ABS
Or better yet, read TFA ;-)

But you are right, it wasn't on purpose and I edited it, though it's now
redundant.

