V7.1.5 - Migrate Let's Encrypt SAN certificates to 1 domain per cert

With the latest v7.1.5 release, we now support generating a single Let's Encrypt certificate for each domain. Previously, we would re-issue certificates and combine multiple domains under a single account onto 1 certificate. This was done to avoid rate limit issues. We now believe the current Let's Encrypt rate limits are sufficient for most users, and there appears to be a path for larger providers to request higher limits if they run into them.

For new domains, once you flip that setting in the admin, it will immediately start working. For existing domains, here is a console script (cstacks console) you may run to migrate blocks of domains.

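# Maximum number of domains to move in this run
max = 15
regenerate = []
# Only non-system domains that currently have a Let's Encrypt certificate attached
Deployment::ContainerDomain.where(system_domain: false).joins(:lets_encrypt).each do |domain|
  # Skip domains whose certificate is already issued for that domain alone
  next if domain.lets_encrypt&.common_name == domain.domain
  regenerate << domain
  # Detach the domain from its current (shared) certificate
  domain.update lets_encrypt: nil
  break if regenerate.count >= max
end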

This will move 15 certificates at a time. You may try increasing that number, but I recommend doing this in blocks to avoid any issues.

Be sure to type exit when you’re finished.

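A check you can run after migrating a block, added here as an example and not part of the original post or the project's code: it reads each certificate's subjectAltName and lists the domains whose certificate still covers more than one name. The helper names and the sample certificates are constructed for illustration, and it uses only Ruby's OpenSSL standard library.

```ruby
require "openssl"

# Return the DNS names listed in a certificate's subjectAltName extension.
def san_dns_names(cert)
  ext = cert.extensions.find { |e| e.oid == "subjectAltName" }
  return [] unless ext
  ext.value.split(",").map(&:strip)
     .select { |v| v.start_with?("DNS:") }
     .map { |v| v.delete_prefix("DNS:") }
end

# True when the certificate covers exactly one DNS name and it is `domain`.
def single_domain_cert?(cert, domain)
  names = san_dns_names(cert)
  names.length == 1 && names.first.casecmp?(domain)
end

# Given { domain => certificate }, list the domains not yet on their own cert.
def still_shared(certs_by_domain)
  certs_by_domain.reject { |domain, cert| single_domain_cert?(cert, domain) }.keys
end

# Constructed self-signed certificate, used only as sample input (assumption:
# real input would be the PEM served for each domain).
def build_sample_cert(names)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{names.first}")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = cert
  san = names.map { |n| "DNS:#{n}" }.join(",")
  cert.add_extension(ef.create_extension("subjectAltName", san, false))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

if __FILE__ == $PROGRAM_NAME
  shared = build_sample_cert(["a.example.test", "b.example.test"])
  single = build_sample_cert(["a.example.test"])
  puts still_shared({ "a.example.test" => single, "b.example.test" => shared }).inspect
end
```

To check a real certificate, pass `OpenSSL::X509::Certificate.new(pem_string)` in place of the constructed samples.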