by landr0id 3862 days ago
> In order to support custom certificates, they would need to build an interface for certificate uploading/maintenance

With Let's Encrypt (mentioned in the issue) it could be 100% automated with free certs.


If there are hundreds of thousands of these certificates, you will need a custom ACME client anyway. It is not trivial even with the presence of SNI.
Eh, ACME isn't that complex. I wrote a fully automated client in less than 200 lines of python.

https://github.com/diafygi/acme-tiny

An HTTP client that gives a simple automated response is easy to write. An HTTP client that gives simple automated responses to 10,000 connections every second is not easy to write.

(Disclaimer: That said, I haven't seriously assessed the scalability of typical ACME clients. I would appreciate any hard numbers for them.)

The ACME client only has to run once every 90 days, to validate domain ownership and retrieve an updated certificate. After that, the certificate can be stored on and loaded from disk - the same way most of the files being served are probably stored.

It's true there might be some added complexity, as the private keys will need to be stored securely. And session resumption data, if you need to support that. Doesn't seem like an insurmountable problem, though.
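As an added illustration of the once-per-90-days argument above (this is example code, not something any commenter posted): a small renewal planner for a large certificate inventory. It assumes a 30-day renewal threshold, a daily run, and a per-run cap on ACME orders; the inventory below is constructed sample data.

```python
"""Renewal planner for a large certificate inventory (added example)."""
from datetime import datetime, timedelta, timezone

LIFETIME_DAYS = 90      # Let's Encrypt certificate lifetime, as stated in the thread
RENEW_BEFORE_DAYS = 30  # assumed policy: renew once fewer than 30 days remain
RUN_INTERVAL = timedelta(days=1)  # assumed: the planner runs once a day

_EPOCH = datetime.min.replace(tzinfo=timezone.utc)


def plan_renewals(inventory, now, budget):
    """Pick which certificates to renew in this run.

    inventory: dict hostname -> notAfter (aware datetime), or None for hosts
               that have no certificate on disk yet.
    budget:    maximum number of ACME orders this run may place.
    Returns (to_renew, at_risk): hosts to renew now, soonest expiry first,
    and hosts left over that will expire before the next run can reach them.
    """
    threshold = now + timedelta(days=RENEW_BEFORE_DAYS)
    # Hosts with no certificate sort first: they must be issued before anything else.
    due = sorted(
        (h for h, exp in inventory.items() if exp is None or exp <= threshold),
        key=lambda h: inventory[h] if inventory[h] is not None else _EPOCH,
    )
    to_renew = due[:budget]
    at_risk = [h for h in due[budget:]
               if inventory[h] is not None and inventory[h] <= now + RUN_INTERVAL]
    return to_renew, at_risk


def steady_state_per_day(n_certs):
    """Average renewals per day once issuance is spread over the 90-day lifetime."""
    return n_certs / LIFETIME_DAYS


if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    sample = {  # constructed inventory
        "a.example": now + timedelta(days=60),
        "b.example": now + timedelta(days=10),
        "c.example": None,
        "d.example": now + timedelta(hours=12),
        "e.example": now + timedelta(days=20),
    }
    print(plan_renewals(sample, now, budget=2))
    print(steady_state_per_day(900_000), "renewals/day for 900k certificates")
```

The second line of output shows the scale point: 900,000 certificates on a 90-day cycle is 10,000 renewals per day, not per second.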