In article <20190109164709.6f869d92@computer> you write:
>On 8 Jan 2019 15:59:30 -0500
>"John R Levine" <[email protected]> wrote:
>
>> I can set up the TXT records easily enough, but it looks like I need
>> an HTTPS server with 80 names and 80 certificates, or one certificate
>> with 80 alt names. That doesn't scale very well.
>
>I believe the thing you want is automation.

I already have automation to renew all my certs. But I can tell you
that DNS based renewals are slightly flaky because of server update
delays and caches.

>There's no technical scalability issue here, ...

If you have to validate 80 names, and each validation works 98% of the
time, validating all 80 alt names in a row only works 19% of the time.
That's the scalability issue.

If I can set up SNI so the certs are independent, that scales a lot
better, since a renewal failure in one doesn't affect the other 79.

R's,
John
