About the SSL certificate issuance of plural domains managing with 1 server

Hello!
I’m a Japanese engineer.
I’m weak in English, but I ask because I am troubled very much.

I want to publish a SSL-certificate for approximately 2,500 domains (not a subdomain) managing in the same server (in one IP address).
Is it possible?

Help me, please.

While you won’t be able to create a single certificate covering all of the 2500 domains, you can get multiple certificates covering up to 100 domains each (but it may take you longer than a week, due to rate limits). Currently, the majority of the web browsers people use support TLS SNI, which makes it possible to serve multiple certificates using a single IP address (prior to establishing an encrypted connection, the client sends the domain name in cleartext to help the server with choosing the “right” certificate to present to the client).

See also:
https://letsencrypt.org/docs/rate-limits/

On the other hand, creating a single certificate containing all 2500 domains won’t be a good idea - it would be quite a large file that each visitor’s browser would be required to download and parse.

Let’s Encrypt permits no more than 100 different names per certificate. Other Certificate Authorities might allow more, but thousands is impractical. All the names for which a certificate is valid must be listed inside the certificate, enlarging it considerably.

Instead, I recommend investigating your server software for capability to add many different certificates, so that the correct one is transmitted to a visitor of any of the sites served.

Thank you for your reply.

In our environment, we operate about 2500 domains using virtual hosts on one server, and we would like to acquire SSL certificates for each of these domains.

In a case like this, using virtual hosts on one server, is there a limit on the number of certificate acquisitions? I would like to know if the limit of 20 certificates per week is applied.

Hi @sayama,

The 20 certificates per week limit only applies to certificates that cover subdomains of the same domain.

So if you make certificates for

Certificate 1 = {one.example.com + 99 unrelated domains}
Certificate 2 = {two.example.com + 99 unrelated domains}
Certificate 3 = {three.example.com + 99 unrelated domains}

then you are limited to 20 per week.

However, if the certificates are totally separate:

Certificate 1 = {100 domains}
Certificate 2 = {100 different domains, with no overlap with Certificate 1}
Certificate 3 = {100 different domains, with no overlap with Certificates 1 or 2}

then there is no limit, and you could even obtain hundreds of thousands of certificates if you want. The limit that you mentioned only gets applied when two certificates cover subdomains of the same domain.

If this distinction isn’t immediately clear, we can try to present it in another way or from another perspective. One other way to think of it is:

“You can only get 20 certificates per week that cover subdomains of example.com. You can also only get 20 certificates per week that cover subdomains of example.org. You can also only get 20 certificates per week that cover subdomains of example.net.”

This limitation applies in the same way whether or not these certificates also cover other unrelated domains.

If you do need to issue more than 20 certificates per week that cover subdomains of the same domain, and these subdomains are used by different customers or organizations, you can also request a rate limit increase using the form that appears on the rate limit documentation page.
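The grouping rule described in the reply above, as an added example that is not part of the original post: it packs names into certificates of at most 100 names and reports any domain that would appear in more than 20 certificates. The function names and the small suffix set are assumptions made for illustration; the suffix set is a constructed stand-in for the Public Suffix List.

```python
from collections import defaultdict

MAX_NAMES_PER_CERT = 100        # names per certificate, as stated in the thread
MAX_CERTS_PER_DOMAIN_WEEK = 20  # weekly limit per domain, as stated in the thread

# Constructed stand-in for the Public Suffix List (assumption): only these
# multi-label suffixes are recognised; every other suffix is one label.
MULTI_LABEL_SUFFIXES = {"co.jp", "ne.jp", "or.jp", "co.uk"}

def registered_domain(name):
    """Return the domain the weekly limit is counted against for a host name."""
    labels = name.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def plan_certificates(names):
    """Pack names into certificates of at most 100 names, keeping all names
    under one registered domain together so that domain is spent only once."""
    groups = defaultdict(list)
    for name in sorted({n.lower().rstrip(".") for n in names}):
        groups[registered_domain(name)].append(name)
    certs, current = [], []
    for _, members in sorted(groups.items()):
        # A domain with more than 100 names has to span several certificates.
        for i in range(0, len(members), MAX_NAMES_PER_CERT):
            chunk = members[i:i + MAX_NAMES_PER_CERT]
            if len(current) + len(chunk) > MAX_NAMES_PER_CERT:
                certs.append(current)
                current = []
            current.extend(chunk)
    if current:
        certs.append(current)
    return certs

def weekly_limit_violations(certs):
    """Map each registered domain that appears in more than 20 certificates
    to the number of certificates covering it."""
    counts = defaultdict(int)
    for cert in certs:
        for domain in {registered_domain(n) for n in cert}:
            counts[domain] += 1
    return {d: c for d, c in counts.items() if c > MAX_CERTS_PER_DOMAIN_WEEK}

if __name__ == "__main__":
    # Constructed input: 2500 independent domains, each with a www name.
    names = [h + f"shop{i:04d}.test" for i in range(2500) for h in ("", "www.")]
    plan = plan_certificates(names)
    print(len(plan), "certificates;", weekly_limit_violations(plan) or "no limit hit")
```
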

Thank you for the precious information.

Because all the domains that we managed are independent domains (IP is the same), I understood that I could acquire the certificate without a limit.

I carry out the SSL acquisition for 2500 domains based on your advice.
Thank you for such wonderful service!
