
AWS NLB now supports multiple TLS certificates via SNI - raycoll
https://aws.amazon.com/about-aws/whats-new/2019/09/elastic-load-balancing-network-load-balancers-now-supports-multiple-tls-certificates-using-server-name-indication/
======
zxcvbn4038
I use a CDN in my environment so one trick I’ve used is to terminate TLS
traffic at the CDN (where there is no limit on certs) then all origin traffic
goes through a single ELB with a CA issued but throwaway cert the users never
see, then on the backend do further routing by hostname and path to S3,
lambda, other backend instances, etc. If you are going to have a CDN anyway
you aren’t giving up anything. Plus connections between the CDN and the ELB
can be pooled and kept alive for long periods so you don’t do much handshaking
there.
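The SNI-based certificate selection that the linked announcement describes, as an added example that is not code from the thread or from AWS: a small Python model of how a listener holding several certificates picks one from the ClientHello's server_name (exact SAN match before a wildcard match, a wildcard covering exactly one leftmost label as in RFC 6125) and falls back to its default certificate when the client sends no SNI or no certificate covers the name, plus a check that lists hostnames routed behind the balancer that no listener certificate covers. The certificate entries and hostnames are constructed, and the exact-before-wildcard tie-break is an assumption of this model, not documented NLB behaviour.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Cert:
    """A listener certificate reduced to what SNI selection needs: its DNS SANs."""
    name: str                 # label for the constructed sample (an ARN in real life)
    sans: Tuple[str, ...]     # DNS names the certificate covers

def _san_matches(san: str, host: str) -> bool:
    """RFC 6125 style match: exact, or '*.' covering exactly one leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san == host:
        return True
    if san.startswith("*.") and "*" not in san[2:]:
        parent = san[2:]
        head, sep, tail = host.partition(".")
        # the wildcard must consume one non-empty label, and the parent must
        # itself contain a dot so '*.com' never matches 'example.com'
        return bool(sep) and head != "" and tail == parent and "." in parent
    return False

def select_certificate(certs: List[Cert], default: Cert, sni: Optional[str]) -> Cert:
    """Pick the certificate a TLS listener would present for this ClientHello.

    - no SNI extension (old clients, connects by raw IP) -> default certificate
    - an exact SAN match wins over a wildcard match (assumed tie-break)
    - no match at all -> default certificate; the client then sees a name
      mismatch, which is the symptom of a host missing from the cert list
    """
    if not sni:
        return default
    wildcard_hit: Optional[Cert] = None
    for cert in certs:
        for san in cert.sans:
            if not _san_matches(san, sni):
                continue
            if not san.startswith("*."):
                return cert
            wildcard_hit = wildcard_hit or cert
    return wildcard_hit or default

def uncovered_hosts(certs: List[Cert], hosts: List[str]) -> List[str]:
    """Hostnames routed behind the listener that no attached certificate covers."""
    return [h for h in hosts
            if not any(_san_matches(s, h) for c in certs for s in c.sans)]
```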

------
dwrowe
25 cert limit? When will something release that supports hundreds/thousands
without having to manage it? Especially for hosting services in particular.

~~~
davidfischer
The 25 cert limit is pretty annoying. It also applies to Application Load
Balancers (ALBs) on AWS as well.

At my company, we use Cloudflare's SSL for SaaS offering. It isn't exactly a
load balancer per se, but it did allow us to have many users each with their
own domains. We decided for our use case that it was better than rolling our
own certificate management system for a couple thousand certs and figuring out
how to hot load them onto web servers.
[https://developers.cloudflare.com/ssl/ssl-for-saas/](https://developers.cloudflare.com/ssl/ssl-for-saas/)

