How to use HAProxy to override 25 Certificates per Application Load Balancer limit in AWS?
I use AWS to run a web application, which supports custom domains and subdomains. I am using AWS certificate manager to generate and manage certificates.
Well, say my application is available under https://myapplication.com. I can use Certificate Manager to generate a certificate for my domain. I can also support subdomains like https://customer1.myapplication.com, https://customer2.myapplication.com etc. by using a wildcard certificate like *.myapplication.com.
This gets stuck when I try to support custom domains, e.g. if I need to support https://customapplication.com or https://myapplication.custom.com. What I do is configure DNS and attach the certificate to my Application Load Balancer and DNS (Route 53). But ALB has a limit of 25 certificates per node. One workaround to support more than 25 certificates is to bring up multiple ALBs and introduce a Network Load Balancer, as shown in the diagram below:
If I proceed with a similar architecture, I will end up bringing up one load balancer for every 25 domains I serve in DNS. I don't think such a solution is feasible.
I have been reading all the blogs and documentation available online, and I would like to know: is it possible to use HAProxy with Application Load Balancer and Route 53 to enable more than 25 certificates in AWS?
I am adding links below for reference.
https://icicimov.github.io/blog/devops/Automated-SSL-Certificates-management-HAProxy-Consul-LetsEncrypt-AWS/
https://cloudonaut.io/more-than-25-ssl-certificates-with-ecs/
Thanks.
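What the question is asking about looks like this in HAProxy terms. The configuration below is an added example, not code from the question or from either linked post, and every hostname, path and backend name in it (internal-alb.myapplication.com, alb-shard-1.myapplication.com, /etc/haproxy/certs/, /etc/haproxy/sni_to_alb.map) is a placeholder. It shows the two ways HAProxy can sit in front of the ALB: terminating TLS itself with a directory of certificates selected by SNI (which removes the ALB quota from the picture entirely, but means HAProxy must hold the private keys, so the ACM certificates already on the ALB cannot be reused and HAProxy needs its own issuer, as the first linked post does with Let's Encrypt), or passing TLS through untouched and picking the ALB by SNI (which keeps every key inside ACM but still needs one ALB per 25 certificates). The second frontend is bound to :8443 only so that both can live in one file; in practice you would pick one and bind it to :443.

```haproxy
global
    log /dev/log local0
    # Customer-facing TLS: TLS 1.2+ only, no session tickets (resumption keys never
    # outlive the process), AEAD ECDHE suites only.
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305

defaults
    log     global
    mode    http
    option  httplog
    option  forwardfor
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# ALB IP addresses change over time; resolve them at runtime through the VPC
# resolver instead of pinning whatever address was current when HAProxy started.
resolvers aws
    nameserver vpc 169.254.169.253:53
    hold valid 10s

frontend http_in
    bind :80
    http-request redirect scheme https code 301

# Design 1: HAProxy terminates TLS itself.
# /etc/haproxy/certs/ (placeholder path) holds one PEM per customer domain,
# certificate chain followed by the private key. HAProxy loads all of them and
# serves the one whose CN/SAN matches the SNI the client sent, so the number of
# domains is bounded by disk and memory, not by the ALB's certificate quota.
# Onboarding a domain is: write the PEM, reload HAProxy. Because the private keys
# live on these hosts, they need the same hardening you would give any key store.
frontend https_in
    # strict-sni: a client that sends no SNI, or an SNI we hold no certificate for,
    # is refused instead of being handed the first certificate in the directory.
    bind :443 ssl crt /etc/haproxy/certs/ strict-sni alpn h2,http/1.1
    http-request set-header X-Forwarded-Proto https
    # Refuse requests whose Host (or :authority) disagrees with the SNI the TLS
    # session was negotiated for, so a connection set up as customer1's domain
    # cannot be reused to address customer2's (HTTP 421 Misdirected Request).
    http-request set-var(txn.sni) ssl_fc_sni,lower
    http-request deny deny_status 421 unless { req.hdr(host),field(1,:),lower,strcmp(txn.sni) eq 0 }
    default_backend alb_app

backend alb_app
    # Re-encrypt to the ALB, which keeps a single ACM certificate for its own
    # name; "verify required" plus ca-file makes HAProxy actually check that chain.
    server alb internal-alb.myapplication.com:443 ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt sni str(internal-alb.myapplication.com) resolvers aws init-addr libc,none check

# Design 2: keep the ACM certificates on the ALBs and let HAProxy route by SNI
# without terminating TLS. Each ALB still holds at most 25 certificates, so this
# shards domains across ALBs rather than removing the limit, but no private key
# ever leaves ACM. /etc/haproxy/sni_to_alb.map (placeholder path) has one
# "hostname backend" pair per line, e.g.
#   customapplication.com      alb_shard_1
#   myapplication.custom.com   alb_shard_2
# A hostname that is not in the map gets no backend and the connection is closed.
frontend tls_passthrough
    mode tcp
    option tcplog
    bind :8443
    # Buffer up to 5s for the ClientHello so req.ssl_sni can be read from it.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend %[req.ssl_sni,lower,map(/etc/haproxy/sni_to_alb.map)]

backend alb_shard_1
    mode tcp
    server alb1 alb-shard-1.myapplication.com:443 resolvers aws init-addr libc,none

backend alb_shard_2
    mode tcp
    server alb2 alb-shard-2.myapplication.com:443 resolvers aws init-addr libc,none
```

Check a deployment of either design with `openssl s_client -connect <haproxy-host>:443 -servername customapplication.com` and confirm the leaf certificate's subject alternative names actually contain the name you asked for; with strict-sni on design 1 the same command without `-servername` should fail the handshake rather than return a default certificate.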
Solution 1:
At least in US-East-1, we were able to request 50 certs per ALB, and with 100 SAN names per cert that is up to 5k unique names. Try asking for a quota increase. We got it, and it's not in the documentation that it goes any higher than 25 certs per ALB.