Use production certs in CI
This would solve a lot of pain, mainly not beeing able to test SSO in CI .
Overview of options:
- https://www.xf.is/2020/06/30/list-of-free-acme-ssl-providers/
- https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment#ACME_service_providers
ZeroSSL
For 10€/month we can can unlimited production certs without rate limit! See https://zerossl.com/pricing/ Varac uses this next to LE after running into LE's rate limit. Very easy to migrate/add as second clusterIssuer. Tuturial: https://medium.com/@markmcwhirter/alternative-acme-via-cert-manager-a9e9e7f105e0
Letsencrypt
LE production certs are rate limited.
If you are a large hosting provider or organization working on a Let’s Encrypt integration, we have a rate limiting form that can be used to request a higher rate limit. It takes a few weeks to process requests, so this form is not suitable if you just need to reset a rate limit faster than it resets on its own.
We could try to apply using the Let's Encrypt rate limiting form, although @maarten and me were unsure how happy LE would be if we use throw away productioncerts for CI.