50 crts limit increased?

yu.zarayskaya · July 12, 2024, 9:44am

We are seeing today that after the latest outage, the limit of 50 certificates per week for one domain and its subdomains does not work. More than 80 certificates have already been issued. Has the limit increased or is this a targeted failure?

9peppe · July 12, 2024, 9:58am

I don't understand what you're talking about.

An outage should not impact that ratelimit, nor should it require you to reissue certificates.

yu.zarayskaya · July 12, 2024, 10:01am

Max limit for 1 domain&subs for a week - 50 crts, but we can do more, is it ok?

9peppe · July 12, 2024, 10:03am

You can request a rate limits exception, somewhere in the docs or on the rate limits page it should tell you how to ask.

yu.zarayskaya · July 12, 2024, 10:05am

It works without request and it didn't work like that before

griffin · July 12, 2024, 10:23am

Welcome to the Let's Encrypt Community, @yu.zarayskaya!

The main limit is Certificates per Registered Domain (50 per week). A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. For instance, in the name www.example.com, the registered domain is example.com. In new.blog.example.co.uk, the registered domain is example.co.uk. We use the Public Suffix List to calculate the registered domain. Exceeding the Certificates Per Registered Domain limit is reported with the error message too many certificates already issued, possibly with additional details.

However...

Renewals are treated specially: they don’t count against your Certificates per Registered Domain limit, but they are subject to a Duplicate Certificate limit of 5 per week. Exceeding the Duplicate Certificate limit is reported with the error message too many certificates already issued for exact set of domains.

A certificate is considered a renewal (or a duplicate) of an earlier certificate if it contains the exact same set of hostnames (SANs), ignoring capitalization and ordering of hostnames. For instance, if you requested a certificate for the names [www.example.com, example.com], you could request four more certificates for [www.example.com, example.com] during the week.

petercooperjr · July 12, 2024, 10:24am

Please read (and re-read) the rate limits documentation

The 50 per domain per week is only for new names being added, not for renewals. If you're expecting to onboard more subdomains than that, then there is a form to request a higher limit linked there.

Also, with that large an integration, be sure to read the Integration Guide

rg305 · July 12, 2024, 9:48pm

Are you including the pre-certificates in your count?

system · August 11, 2024, 9:49pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Maximum amount of certificates issued against a domain Help	6	1489	May 22, 2017
Domain Limit? Under 50 limit Help	3	1458	October 6, 2019
Clarification regarding the sub-domains rate limit Help	3	412	July 18, 2022
Rate Limits & Renewals Issuance Policy	5	2694	March 18, 2017
Understanding certificate limits Issuance Policy	13	2935	January 18, 2021

50 crts limit increased?

Related topics