Certificate for 150+ subdomains of the same domain


#1

On our site we have some like 150+ subdomains (purelly techincal reason, but we have to live with it), and I’d really like to have one certificate to protect all of these subdomains. So I try to use ./acme.sh to get it like this:

./acme.sh --issue -d name1.domain.com -d name2.domain.com ... -w /www/domain.com

As I test it on several subdomains it was fine, but for the whole subdomains list it fails at 89th name complaining “urn:acme:error:rate Limited”.

From what I know there are some limitations to prevent abuse of Let’s Encrypt servers, and that’ good. But I don’t know how many subdomains can I use in one command (checks are run independently, right? This way will every subdomain counts up to abuse treshhold?) and, at the end, if there any way to pass the limiter and once get the certificate I need?

Surely I can try to get several certificates for 80 domains each (crazy way, really), but then I’ll have to keep my nginx config splited into parts for first 80 domains and then for second ~70 domains (there are total of 150+). I’d wish I can get wildcard from Let’s Encrypt which would do the trick.

Yes we can afford buy cheap wildcard cert for that but we do trust Let’s Encrypt much more that to any of other CAs.

Please advice!


#2

The rate limits are documented here. The relevant bits:

  • You can ask for up to 100 domains per certificate. (That is, one certificate can be valid for up to 100 domains.)
  • You can get 20 certificates per registered domain per week. That means you could cover up to 2,000 subdomains per week.

There’s no way to increase the 100 domains per certificate limit, so using at least two certificates, with a server configured for Server Name Indication (SNI), would be necessary for your use-case.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.