Hi. I’ve been working on setting up Letsencrypt for all my subdomains, but unfortunately this meant doing 7 registrations in a single day. As far as I know, Letsencrypt only allows for 7 registrations per week.
Is this true? This really slows down my productivity.
This is the error I’m getting; An unexpected error occurred: There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: muffe.no Please see the logfiles in /var/log/letsencrypt for more details.
The current limit is even 5 certificates per domain per sliding window of 7 days.
But do you really need every single subdomain in a separate certificate? Can’t you just issue one certificate with all the subdomains in the subjectAltName extension, so you could use that one certificate for all subdomains?
I can see you already made a certificate with 4 subdomains on the 2nd of december, so apparently that’s no news to you If it’s really that important, you’ll a) have to wait for the sliding window to open up for more certificates or b) have to wait for the beta to close and the rate limits to be lifted or c) sponsor LE so they’ll be generous to you or d) add your domain to the public suffix list.
I’m planning to only use one cert, but during production/testing I did it one-by-one to make sure everything was working smoothly (and I planned out which subdomains I wanted as I went ahead). This pretty much made me waste my limit.
Currently my productivitiy has come to a halt, and I’ve had to run my newer services using HTTP (even my cloud storage).
I was hoping to get a whitelist/removed limit so I could wrap this up and fix my cronjobs so I get only a few certs.
When registering multiple domains under a single cert, do they still end up in their own directories (I need to know so I can adjust my nginx config accordingly)? (E.g. in letsencrypt/live/ you’d see these directories: example.com www.example.com sub1.example.com sub2.example.com
?
Yes, just specifying multiple domains with -d sub.domain.tld will result in a single certificate for all the mentioned domains. I see you’re opting for the standalone authenticator? Are the specified subdomains running on different machines and therefore there’s no possibility for the webroot authenticator? Would spare you some effort.
And testing should have been done with the --test-cert switch. It generates non-valid certificates by the issuer “happy hacker CA” (or something) but is very usefull for client/ACME/webserver testing. It doesn’t have such strict rate limits as the production server.
As for the directories in the /live/ directory: as far as I know, the first -d switch will be the only directory made in /live/.
If it’s really that important, you’ll a) have to wait for the sliding window to open up for more certificates or b) have to wait for the beta to close and the rate limits to be lifted or c) sponsor LE so they’ll be generous to you 
or d) add your domain to the