I have 1 million certificates and there is always a CPU spike everyday due to the renewal jobs. So I tried to comment out this line on init_worker.lua:
renewal_job.spawn(auto_ssl_instance)
and create a new openresty instance just for certificate renewal, which is not accessible from the Internet. There are two openresty instances now:
Proxy (Stop renewal jobs)
Renewal (Run original autossl moudle)
Proxy receives real traffic and returns certificates from redis, it also handles ACME challenges, but renewal job is executed by renewal instance everyday.
I am not sure if it's safe to do so. Does anyone work with any similar scanerio?
I have 1 million certificates and there is always a CPU spike everyday due to the renewal jobs. So I tried to comment out this line on init_worker.lua:
and create a new openresty instance just for certificate renewal, which is not accessible from the Internet. There are two openresty instances now:
Proxy receives real traffic and returns certificates from redis, it also handles ACME challenges, but renewal job is executed by renewal instance everyday.
I am not sure if it's safe to do so. Does anyone work with any similar scanerio?