Use numerous Let's Encrypt certificates and have them all in one place.
If you have a few dozens of SSL certificates scattered over dozens of servers, this Ansible role can help you. This is how SSL certificates are managed at Skyeng and you can use this method as well. With this role you can easily manage large number of short-termed SSL certificates without an army of Certbots. Details are here (in Russian).
The only requirement is to have DNS at AWS Route53. However this can easily be changed in favour of your favorite DNS provider.
Just describe all SSL certificates you need in vars subdirectory, one in a file like this:
foo.example.com:
alt_names:
- bar.example.com
baz.example.comrun one playbook and that's all. Run this playbook from time to time. And use the certificates from this store whenever and wherever you need them. They are guaranteed to be fresh.
More info on how to describe the certificates.
- hosts: localhost
gather_facts: no
roles:
- lets-use-sslThis role was written in 2019-2020 by Igor Plekhov.
The original place of this repo is at https://github.com/igmp/lets-use-ssl.