Are there any limits in place for the number of certs you issue?


#1

Are there any limits / throttles in place for issuing of certs (for example: can a single machine request 100 certs for 100 domains in one day)?


#2

There will not be a limit on the number of domains we’ll issue to in a day, with the following exceptions:

  1. There will be some anti-abuse rate limiting, particularly for subdomains. We don’t want people to be able to essentially DoS attack us by creating a never-ending sequence of subdomains and requesting certs for them.
  2. There will be some rate limiting and other limitations during our rollout period.

#3

Can you give us a number?


#4

We haven’t settled on solid numbers yet. We may be able to say more as we get closer to public availability.


#5

Alright. Thanks for the reply. :smile:


#6

So for a site that uses subdomains per user or something like that, would Let’s Encrypt be infeasible? I could dynamically generate a cert on account creation for the dynamic subdomains, but if it gets throttled or limited that might not be good to count on.


#7

These are the use cases where a wildcard certificate is really preferable; otherwise your certificate will grow and grow, which will make handshakes slower and slower. There may be a certificate size limit in clients, too.

Another solution would be to use a separate certificate per subdomain, but you’ll need SNI support on all clients then.

In general, I’m not a fan of custom subdomains for every user as long as it’s not necessary.