Authorizations - Parent and Children Relationship with Challenges


It must be somewhere online but I couldn’t find it. What is the limit of certs an account can generate? We’re building something similar to Shopify so we’re going to have a lot of domains from our users and want to make sure what the rules are.


There’s no limit on the number of certificates per account. The only account-related limits are pending authorizations (300) and failed validations per hostname and hour (5). All other limits are based domains. The full list of rate limits can be found here.

Great thanks.

Related to the pending authorization, I have two follow up questions:

  1. Do they expire after some time?
  2. Is there a call to get the number of pending authorizations per account?

Yes, I’m fairly certain it’s 7 days. Your authz objects have expires fields you can check to confirm this.

No, it’s up to the ACME client to keep track of both the number of pending authorizations and their URLs, which you’ll need to disable them or force validation if you run into the limit for some reason (i.e. a bug or an outage). There’s no endpoint that you can use to return all pending authorizations either.


This object you mean?

  "type": "tls-sni-01",
  "status": "pending",
  "uri": "",
  "token": "9rk_X1Dx7FrHPODD27mNJqQlxsAL-Q7orDuK2lImb1M"

I don’t see expiration there.

That would be the challenge. Authorizations (authz) are one level above those - each authorization can have multiple challenges (tls-sni-01, http-01, etc.).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.