Performance issue with "want"

[rustybrick]

I am using acmetool in a large system with over 1000 certificates. Is there a way to better manage the reconciliation to prevent the 'want' command from taking forever? I am assuming it's the reconciliation. I've tried the "--no-reconcile" with "want" and doing a batch reconcile later. Still takes forever.

Thanks for providing a great system!

[lotke]

On 1800+ certs it takes about 30+ minutes just to add one more cert.

[dynamicnet]

Same issue here, with 1000+ certifcates managed, the tool is no more usable. Is there plans to improve this point ?

[mnalis]

Maybe adding (optional) option to reconcile so it only try to reconciles specified domains?

That looks like it would be in line with original design for default case (acmetool reconcile or acmetool want --reconcile example.com) but would allow high-certificate hosts to adopt just a little different workflow:

acmetool want --no-reconcile example1.com
acmetool want --no-reconcile example2.com 
acmetool want --no-reconcile example3.com
acmetool reconcile --batch example1.com example2.com example3.com

(and just do plain acmetool reconcile without options once a day in cron as a catchall just in case)

Alternatively, maybe specifying --newer-than reference_filename option to acmetool reconcile, so it only tries to reconcile certs whose timestamp in /var/lib/acme/desired/* newer than timestamp of specified reference_filename (like file -newer works)