add support for sharing single certificate to all units in tls-certificates library #350

@alexdlukens

In some use-cases we want the same "APP mode" certificate to be distributed for all units, not just the leader unit. Call it "APP_SHARED_TO_UNITS" mode. Right now this is something that would need to be implemented outside the interface code, e.g. by a peer relation. I am opening this feature request to add a new mode for distributing the same certificate to all units.

So e.g. we can request a single certificate for a site and have all (e.g. haproxy) units share the same certificate. This is more important when we are using Let's Encrypt certificates, as there are rate limits on the API.

We can only request 5 certificates per site, per week with Let's Encrypt due to rate limits. If an HA deployment (3 cert requests) fails, then you cannot immediately request another 3 certs for the same site.

Up to 5 certificates can be issued per exact same set of identifiers every 7 days. This is a global limit, and all new order requests, regardless of which account submits them, count towards this limit. The ability to request new certificates for the same exact set of identifiers refills at a rate of 1 certificate every 34 hours.

This feature would be useful for solving canonical/haproxy-operator#366
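
The arithmetic behind the rate-limit argument in the issue above, as an added example that is not part of the original issue or of the tls-certificates library: a simplified token-bucket model of the quoted limit (5 certificates per identifier set, 1 regained every 34 hours), comparing one certificate per unit with one shared certificate. The class and function names are hypothetical.

```python
from dataclasses import dataclass

CAPACITY = 5          # certificates per exact identifier set (from the quoted limit)
REFILL_HOURS = 34.0   # one certificate regained every 34 hours (from the quoted limit)


@dataclass
class DuplicateCertBucket:
    """Token-bucket model of the per-identifier-set limit (a simplification)."""
    tokens: float = CAPACITY
    now: float = 0.0  # hours since the start of the simulation

    def advance(self, hours: float) -> None:
        """Let time pass; the allowance refills but never exceeds CAPACITY."""
        self.now += hours
        self.tokens = min(CAPACITY, self.tokens + hours / REFILL_HOURS)

    def hours_until(self, needed: int) -> float:
        """Hours to wait before `needed` certificates can be issued at once."""
        if needed > CAPACITY:
            raise ValueError("request can never fit inside the limit")
        return max(0.0, (needed - self.tokens) * REFILL_HOURS)

    def issue(self, count: int) -> bool:
        """Issue `count` certificates atomically; False means rate-limited."""
        if count > int(self.tokens + 1e-9):
            return False
        self.tokens -= count
        return True


def deployments_before_block(certs_per_deploy: int, gap_hours: float = 0.0) -> int:
    """Count consecutive (re)deployments that succeed before the limit hits."""
    bucket, done = DuplicateCertBucket(), 0
    while done < 1000 and bucket.issue(certs_per_deploy):  # 1000 caps the loop
        done += 1
        bucket.advance(gap_hours)
    return done


def wait_after_failed_deploy(certs_per_deploy: int = 3) -> float:
    """Hours to wait before retrying after one failed deployment."""
    bucket = DuplicateCertBucket()
    bucket.issue(certs_per_deploy)  # first attempt consumes the allowance
    return bucket.hours_until(certs_per_deploy)
```

With three units each requesting their own certificate, a single failed deployment leaves a 34-hour wait before a full retry; with one shared certificate, five back-to-back attempts fit inside the limit.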


Labels: charmlibs-interfaces-tls-certificates (Related to the charmlibs.interfaces.tls_certificates library specifically.)
