Is there any upper limit for how many domains Traefik can secure, via Let'sEncrypt?
(I know Let'sEncrypt has rate limits; that's not what this is about.)
If Traefik places all domains / hostnames in a single certificate, seems there's an upper limit at 100 — see: https://community.letsencrypt.org/t/maximum-number-of-sites-on-one-certificate/10634/3 — does Traefik work this way?
However if Traefik generates one new cert, per domain / hostname, then I suppose there is no upper limit. Is this the case?
Is the behaviour different if acme.onDemand = true
is set,
versus if acme.onHostRule = true
is set? Maybe in one case Traefik stores all domains / hostnames in the same cert, in another, in different certs?
(Background: I build a SaaS and organizations that start using it, provide their own custom domains. I really don't think the following is the case, but still I'm slightly worred that, maybe I'm accidentally adding a max-100-organizations restriction when integrating with Traefik.)
There's no upper limit. Traefik generates one cert per hostname.
From Traefik's Slack chat:
basically Traefik creates one certificate by host if you are using
onHostRule
oronDemand
. You can create one certificate for multiple domains by usingdomains
https://docs.traefik.io/configuration/acme/#domains.
(This chat message, however, probably it'll disappear soon — Slack's 10k limit: https://traefik.slack.com/archives/C0CDT22PJ/p1546183883145900?thread_ts=1546183554.145800&cid=C0CDT22PJ )
(Note, though, that onDemand
is deprecated — see: https://github.com/containous/traefik/issues/2212)