| 18 May 2023 |
emily | Caddy is explicitly advertised as being possible to use as a certificate management service separate from being used as a web server but I feel like migrating the whole module to anything else is hard to advocate for at this point unless lego seriously degrades somehow | 08:43:29 |
emily | (Caddy itself used to use lego - indeed I think they are the reason lego exists? - and then abandoned it for their own implementation) | 08:44:16 |
emily | btw I assume another effect of spamming the services on switch is that sometimes servers with tons of certificates will spam LE with (re)issuances all at once? that may be a stronger argument than CPU load for some kind of limited parallelism or randomized timing, because what about hosts with thousands of certificates? | 09:24:32 |
emily | (e.g.: what if lots of hosts do an automated configuration switch at midnight/some other Schelling point for automatic nixpkgs upgrades and at scale this causes us to direct a bunch of predictable load to LE that the module already goes to pains to spread out during normal operation?) | 09:26:43 |