Are there any limits / throttles in place for issuing of certs (for example: can a single machine request 100 certs for 100 domains in one day)?
There will not be a limit on the number of domains we’ll issue to in a day, with the following exceptions:
- There will be some anti-abuse rate limiting, particularly for subdomains. We don’t want people to be able to essentially DoS attack us by creating a never-ending sequence of subdomains and requesting certs for them.
- There will be some rate limiting and other limitations during our rollout period.
Can you give us a number?
We haven’t settled on solid numbers yet. We may be able to say more as we get closer to public availability.
Alright. Thanks for the reply.
So for a site that uses subdomains per user or something like that, would Let’s Encrypt be infeasible? I could dynamically generate a cert on account creation for the dynamic subdomains, but if it gets throttled or limited that might not be good to count on.
These are the use cases where a wildcard certificate is really preferable; otherwise your certificate will grow and grow, which will make handshakes slower and slower. There may be a certificate size limit in clients, too.
Another solution would be to use a separate certificate per subdomain, but you’ll need SNI support on all clients then.
In general, I’m not a fan of custom subdomains for every user as long as it’s not necessary.