Some of the other rate limits may be more of a concern.
If you’re running some kind of containerized environment, you should certainly save your Let’s Encrypt data to persistent storage, especially if you blow the containers away every time new commits are pushed or something.
But it’s true that losing everything occasionally is not usually a big deal and you don’t have to worry that much about your backups.
This means that, for example, this domain https://fimlsgreat.tk/ has a limit of 50 new certificates per week?
I do not use a containerized environment; I use VirtualBox to set up the development environment.
Once the development environment has been configured, the certificate will only be updated.
To set up a development environment, I need about 10 certificates per week. I use the cache, and I don’t have to install the certificate every time.
If you want separate certificates for one.fimlsgreat.tk, two.fimlsgreat.tk, three.fimlsgreat.tk, then the first limit you'll hit will be the Certificates Per Registered Domain limit, which would stop you at fifty.fimlsgreat.tk.
If you want to request certificates for the same domain fimlsgreat.tk itself (for example, with different subject public keys), the first limit you'll hit will be the Duplicate Certificate limit, which would stop you at the fifth such certificate.
The application of these two limits depends on whether the list of names covered by the new certificates is the same or different.
Yes, I’m interested in requesting certificates for the same domain fimlsgreat.tk.
Can I find out when I reach the limit of duplicate certificates?
Can I get the count/number of certificates created for a domain? Or can I get the limit number?
There is currently no API or interface to find out about the duplicated certificates. Some of the online debugging tools that people have made here like https://letsdebug.net/ and https://check-your-website.server-daten.de/ may be able to make a guess based on Certificate Transparency data. Overall, Let’s Encrypt users are expected to take precautions themselves to avoid hitting issuance rate limits.
Is there some reason that you need to create duplicative certificates instead of re-using an existing certificate? A certificate with its matching private key can be used on an unlimited number of machines; you don’t need a separate or distinctive server per-machine.
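One way to take that precaution locally, as an added example that is not part of the original thread or of any Let's Encrypt tooling: count recent issuances from Certificate Transparency-style records against the two limits discussed above. The record format, function names and sample data are assumptions; the 5 and 50 per-week figures are the ones quoted in this thread, and the count is only an estimate of Let's Encrypt's own accounting.

```python
from datetime import datetime, timedelta, timezone

# Limits and window as quoted in this thread.
DUPLICATE_LIMIT = 5     # same exact set of names
PER_DOMAIN_LIMIT = 50   # any names under one registered domain
WINDOW = timedelta(days=7)

def _name_set(names):
    # Name sets are compared case-insensitively and without trailing dots.
    return frozenset(n.lower().rstrip(".") for n in names)

def issuance_usage(records, registered_domain, now):
    """records: iterable of (serial, issued_at, names), e.g. exported from a CT search.
    registered_domain is supplied by the caller (no Public Suffix List lookup here)."""
    seen, per_domain, by_set = set(), 0, {}
    for serial, issued_at, names in records:
        # CT data lists a precertificate and the final certificate under the
        # same serial; count each issuance once.
        if serial in seen or not (now - WINDOW < issued_at <= now):
            continue
        seen.add(serial)
        key = _name_set(names)
        if not any(n == registered_domain or n.endswith("." + registered_domain)
                   for n in key):
            continue
        per_domain += 1
        by_set[key] = by_set.get(key, 0) + 1
    return per_domain, by_set

def remaining(records, registered_domain, names, now):
    """How many more certificates for this exact name set fit under each limit."""
    per_domain, by_set = issuance_usage(records, registered_domain, now)
    return {
        "duplicates_left": max(0, DUPLICATE_LIMIT - by_set.get(_name_set(names), 0)),
        "per_domain_left": max(0, PER_DOMAIN_LIMIT - per_domain),
    }

# Constructed sample records (not real CT data).
NOW = datetime(2020, 3, 15, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    ("01", NOW - timedelta(days=1), ["example.org"]),
    ("01", NOW - timedelta(days=1), ["example.org"]),   # precert/cert pair
    ("02", NOW - timedelta(days=2), ["example.org"]),
    ("03", NOW - timedelta(days=3), ["EXAMPLE.org"]),
    ("04", NOW - timedelta(days=3), ["example.org", "www.example.org"]),
    ("05", NOW - timedelta(days=8), ["example.org"]),   # outside the window
    ("06", NOW - timedelta(days=1), ["one.example.org"]),
    ("07", NOW - timedelta(days=1), ["notexample.org"]),  # other domain
]
```

Running `remaining(SAMPLE, "example.org", ["example.org"], NOW)` before each new request shows that the two limits are tracked separately: a different list of names gets its own duplicate counter but draws on the same per-domain total.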
An aging backup.
For example:
In 2020, I save a backup of the certificate.
Certbot renews certificates automatically before they expire. I am not making backups.
In 2023, I am changing my server (VDS) and I need a backup. I take the backup that was created in 2020. But this backup may no longer work? I cannot restore the certificate from the backup on the server?
It’s true that a certificate backup from 2020 won’t work in 2023 due to expiration of the certificate, but I wonder if you have some misconceptions about Let’s Encrypt’s certificates.
Each Let’s Encrypt certificate is only valid for 90 days. Each renewal simply involves replacing a copy of the old certificate with a copy of a freshly-issued certificate (with the same domain name coverage). The rate limit we’re discussing resets after just one week.
There’s no way that any particular certificate issuance or backup strategy could directly allow you to use old Let’s Encrypt certificates from a backup that’s more than 90 days old, since no such backup could contain a Let’s Encrypt certificate with ongoing validity.
The duplicate certificate rate limit prevents you from creating more than 5 duplicate certificates within 1 week. Creating 1-2 duplicate certificates is obviously less than 5, so it’s fine.
The new orders rate limit means that it will take time to renew hundreds of certificates, but you can do it.
3 years from now, Let’s Encrypt might have looser rate limits, though!
You should take more frequent backups, though. Installing 3 years of software updates is probably a pain.