nginx-proxy / acme-companion

Automated ACME SSL certificate generation for nginx-proxy
MIT License

Performance concerns #1147

Open mickaelperrin opened 1 month ago

mickaelperrin commented 1 month ago

As spotted in #1049, the way certificates are created may have performance concerns when the number of certificates to handle is very important.

The fix in #1049 handles certificates in a reverse order, but sadly this doesn't have any impact because the reload of nginx still waits until all certificates are validated, even if new certificates are emitted / renewed.

Ideally:

- the whole validation loop should be triggered only after the DOCKER_GEN_WAIT.
- when a new event is triggered from a container re/start, only related certificates should be handled.

The main challenge with this idea is to handle multiple simultaneous events; maybe some kind of queue management could help.

buchdag commented 3 weeks ago

> The fix in https://github.com/nginx-proxy/acme-companion/issues/1049 handles certificates in a reverse order, but sadly this doesn't have any impact because the reload of nginx still waits until all certificates are validated, even if new certificates are emitted / renewed.

To be more specific, it handles certificates by reverse container creation time.

Maybe the ability to reload nginx as soon as a certificate is created or renewed, rather than at the end of the loop, could help?

> the whole validation loop should be triggered only after the DOCKER_GEN_WAIT.

I'm not sure I understand this, could you elaborate?

> when a new event is triggered from a container re/start, only related certificates should be handled.

That would be a major rework of the container logic and inner workings. While the idea is interesting, I'll be honest: that's clearly not planned at the moment or in the foreseeable future, and neither is implementing queue management.

mickaelperrin commented 3 weeks ago

> Maybe the ability to reload nginx as soon as a certificate is created or renewed, rather than at the end of the loop, could help?

Yes definitely, I guess this is the easiest fix to drastically improve the performance feeling.

> > the whole validation loop should be triggered only after the DOCKER_GEN_WAIT.
>
> I'm not sure I understand this, could you elaborate?

This is related to the idea which states that ideally only certificates that are related to docker events should be checked for renewal. This ensures that certificates related to containers that didn't trigger an event continue to be refreshed regularly.