The current LE module/script works well enough for small one-off cases, but it could use some general improvements, especially in the direction of scaling for large certs and large counts of certs. On my mind at present:
- 'id' parameter should be validated and ~~normalized~~ better
- 'subjects' should be validated, normalized (esp case), sorted, and the check-comparisons should be sort-invariant.
- better privkey management (re-generate when older than X+/-Y, but in sync with a cert renewal?)
- use configfiles in place of commandline args (global config + per-cert in conf.d/-like structure)
- refactor script to efficiently process all configs in a single run, in both self and acme modes
- build an abstraction around this for large subject counts across multiple auto-split certs (for secure direct case, and probably also beta cluster w/ limited lang subs?)
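
An added sketch of the 'subjects' item above, not code from the LE module itself: subject names are validated, case-normalized, de-duplicated and sorted, so that comparing the configured list against the names on an existing cert does not depend on order or case. Python and the function names (`normalize_subject`, `normalize_subjects`, `subjects_match`) are assumptions, as are the choices to require ASCII (A-label) hostnames and to allow a wildcard only as the leftmost label.

```python
import re

# One DNS label: 1-63 chars of a-z, 0-9 or '-', not starting or ending with '-'.
# Used with fullmatch() so a stray newline inside a name cannot slip through.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize_subject(name):
    """Return the canonical form of one DNS subject, or raise ValueError."""
    n = name.strip().lower()
    if n.endswith("."):          # "example.org." and "example.org" are the same name
        n = n[:-1]
    labels = n.split(".")
    # Assumption: a wildcard is accepted only as the whole leftmost label.
    rest = labels[1:] if labels[0] == "*" else labels
    if len(n) > 253 or len(rest) < 2:
        raise ValueError("bad subject length or too few labels: %r" % name)
    for label in rest:
        if not _LABEL.fullmatch(label):
            raise ValueError("bad label %r in subject %r" % (label, name))
    return n


def normalize_subjects(names):
    """Validated, lower-cased, de-duplicated and sorted list of subjects."""
    return sorted({normalize_subject(n) for n in names})


def subjects_match(wanted, cert_sans):
    """Sort- and case-invariant check that a cert covers exactly `wanted`."""
    return normalize_subjects(wanted) == normalize_subjects(cert_sans)


if __name__ == "__main__":
    # Constructed sample input: same names, different order, case and trailing dot.
    configured = ["WWW.Example.org", "example.org.", "*.m.example.org"]
    on_cert = ["*.m.example.org", "example.org", "www.example.org"]
    print(normalize_subjects(configured))
    print(subjects_match(configured, on_cert))
```

Rejecting a malformed subject with an exception, rather than silently dropping it, keeps a typo in a config from turning into a cert that is missing a name.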