I have a customer looking to switch over to Let’s Encrypt b/c of the easy renewal process. They’re giant and have dozens of certs they are looking to switch over. Would it be possible to have 90+ domains on one Let’s Encrypt cert? How can we do this? Thanks!!
You’re allowed to have up to 100 domains per certificate. You simply request all of them at once (for example, with multiple -d options with Certbot); if control over all the requested names is validated, the resulting certificate will cover all of them.
One risk in doing this is if some of the names are unreliable (for example due to flaky DNS service or something) or if the customer decides not to renew one or more of them in the future. In this case, automated renewals using client applications that support it may fail because authorization can no longer be obtained for some of the names in the certificate. However, if appropriate provisions are made for this risk, there shouldn’t be any problem. Some large sites and services that use Let’s Encrypt do have many certificates with dozens or even a full 100 names on a single certificate.
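An added example, not part of the original reply and not Certbot or Let's Encrypt code: a small planner that normalises and de-duplicates a domain list, enforces the 100-name limit, and emits one `certbot certonly` argument list per certificate. The `per_cert` knob, the `bundle-N` certificate names and the sample domains are assumptions made for illustration; choosing a `per_cert` below 100 is one possible provision for the renewal risk described above, since a failing name then blocks only its own bundle. The validation method (authenticator plugin) is left for the operator to add.

```python
import re
import shlex

MAX_NAMES_PER_CERT = 100  # per-certificate limit stated in the reply above
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalise(name):
    """Lower-case and strip a trailing dot; raise ValueError on an implausible name."""
    n = name.strip().lower().rstrip(".")
    labels = n.split(".")
    if len(n) > 253 or len(labels) < 2 or not all(_LABEL.match(l) for l in labels):
        raise ValueError(f"not a valid DNS name: {name!r}")
    return n


def plan_certificates(names, per_cert=MAX_NAMES_PER_CERT, prefix="bundle"):
    """Return one certbot argv list per certificate, each covering <= per_cert names.

    `prefix` is a hypothetical naming scheme for --cert-name, not a Certbot default.
    """
    if not 1 <= per_cert <= MAX_NAMES_PER_CERT:
        raise ValueError(f"per_cert must be between 1 and {MAX_NAMES_PER_CERT}")
    seen, unique = set(), []
    for raw in names:
        n = normalise(raw)
        if n not in seen:  # the same name listed twice wastes a slot
            seen.add(n)
            unique.append(n)
    plans = []
    for start in range(0, len(unique), per_cert):
        argv = ["certbot", "certonly", "--cert-name", f"{prefix}-{start // per_cert + 1}"]
        for n in unique[start:start + per_cert]:
            argv += ["-d", n]  # one -d option per requested name
        plans.append(argv)
    return plans


if __name__ == "__main__":
    # Constructed sample input: 120 names plus one duplicate in a different spelling.
    sample = [f"site{i}.example.com" for i in range(1, 121)] + ["SITE1.example.com."]
    for argv in plan_certificates(sample, per_cert=25):
        print(shlex.join(argv[:8]), "...", f"({argv.count('-d')} names)")
```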
Can you also technically lay out exactly what transferring certs onto Let’s Encrypt would be like? The process for this or who to reach out to and the technical process for renewing? I’m with Akamai and I think there is some kind of re-write required or something to ensure autorenewal. Anyways if you could please advise that’d be great! Thanks!
Let's Encrypt provides a totally automated API for certificate issuance, which is used by dozens of different tools and services. So it all depends on who is going to be obtaining the certificates and how. For example, you can see some of the implementations at
There are also hosting providers and CDNs that directly use these or other clients to obtain certificates on behalf of their customers.
If you have to integrate with Akamai, it might be good to check in with them to find out whether they would obtain the certificates for you or whether you have to get them yourself and then somehow provide them to Akamai. If you ask them and report back, I can try to help you if you didn't understand something about their answer.