letsencrypt-erlang
Concurrent certificate creations?
Is it possible, once letsencrypt is started, to issue multiple, concurrent certificate creation requests? (the use case is for a webserver hosting multiple virtual hosts to request at start-up, and then regularly, the corresponding certificates)
I may be wrong, but I have a set of (Erlang) processes requesting (in a synchronous manner) each a certificate for a given domain (they each run letsencrypt:make_cert( FQDN, #{ async => false }) with their own FQDN), and apparently the gen_fsm requests 'create' but receives 'pending', presumably from another parallel attempt.
If it is not currently possible with a single letsencrypt instance, maybe multiple letsencrypt:start/1 could be executed concurrently? Otherwise, would it be just a limitation of the current letsencrypt-erlang, or one of the Let's Encrypt solution itself?
Thanks in advance for any hint!
(my best bet is that currently it would be possible to start letsencrypt multiple times if the gen_fsm was referenced directly through its PID instead of through {global, ?MODULE} lookups, yet other constraints may apply - maybe opening special ports - that would prevent such a parallel mode of operation)
BTW, firewall-wise, is the only constraint that TCP port #80 is available from the Let's Encrypt server? (I guess this would mean letsencrypt contacts them by itself, from an arbitrary TCP port, rather than the other way round)
To reply to myself: I made a larger fork of your library (thanks!) and performed all the improvements I needed, see https://github.com/Olivier-Boudeville/Ceylan-LEEC (of course a pull request to this upstream origin could be done, yet the amount of differences is rather huge)