We have a webshop SaaS, and customers can connect their domains to their shops. We use Let’s Encrypt to automatically generate certificates for these domains.
We are working with our CDN partner, and one of their requirements on us is to minimize the number of distinct live certificates we use. For that reason we try to bundle as many domains as possible on the same certificates, up to the limit of 100 domains per certificate. This leads to some restrictions when choosing which certificate to add new domains to and regenerate.
We choose which certificate to add the new domain to and regenerate based on:
- Certificate has room for more domains.
- All registered domains in that certificate are within rate limits (problem area).
- Prefer certificates that contain the same registered domain.
- If we can’t find a certificate, we create a new one.
The problem occurs when the owner of a registered domain has used Let’s Encrypt to generate certificates for other subdomains not known to our system.
When we later try to add a new domain to a certificate and regenerate it, our system thinks that all the registered domains currently on the certificate are well below the rate limit. But they are in fact not, because one of the registered domains has had certificates generated outside our system.
Is it possible to raise the Certificates per Registered Domain rate limit for our account? I was looking at the form for raising rate limits, but the needs specified there do not really apply to us.
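As an added illustration (not code from the original post), here is a Python sketch of the selection rules above together with the per-registered-domain check that the post calls the problem area. It assumes Let’s Encrypt’s published limit of 50 certificates per registered domain per rolling 7-day window, a simplified "last two labels" rule for the registered domain (production code should use the Public Suffix List), and constructed sample data in which the owner of one registered domain has issued certificates outside the system; the demo shows the same selection succeeding on local counts and being refused once externally observed issuances (e.g. from CT logs) are merged in.

```python
from collections import Counter
from datetime import datetime, timedelta

# Let's Encrypt "Certificates per Registered Domain" limit: 50 per rolling 7-day window.
CERTS_PER_REGISTERED_DOMAIN = 50
WINDOW = timedelta(days=7)
MAX_SANS = 100  # names per certificate


def registered_domain(name: str) -> str:
    """Assumption: registered domain = last two labels. Use the Public Suffix List for real."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def issuance_counts(issuances, now):
    """Certificates issued per registered domain inside the window.

    issuances: iterable of (issued_at, [san, ...]). A certificate covering several names
    under one registered domain counts once against that registered domain."""
    counts = Counter()
    for issued_at, sans in issuances:
        if now - issued_at < WINDOW:
            for rd in {registered_domain(s) for s in sans}:
                counts[rd] += 1
    return counts


def choose_certificate(new_domain, certificates, counts):
    """certificates: list of (cert_id, [san, ...]). Returns the cert_id to regenerate,
    or None when a new certificate must be created."""
    new_rd = registered_domain(new_domain)
    candidates = []
    for cert_id, sans in certificates:
        if len(sans) >= MAX_SANS:  # rule 1: room for more names
            continue
        rds = {registered_domain(s) for s in sans} | {new_rd}
        # Rule 2: regenerating re-issues for every registered domain on the cert,
        # so each of them must still have headroom under the weekly limit.
        if any(counts[rd] + 1 > CERTS_PER_REGISTERED_DOMAIN for rd in rds):
            continue
        candidates.append((new_rd not in rds, cert_id))  # rule 3: prefer same registered domain
    return min(candidates)[1] if candidates else None  # rule 4: None -> create a new cert


def demo():
    """Constructed scenario: beta.example's owner issued 49 certificates outside our system."""
    now = datetime(2024, 1, 15)
    certificates = [("cert-1", ["shop.alpha.example", "store.beta.example"])]
    local = [(now - timedelta(days=1), certificates[0][1])]
    external = [(now - timedelta(hours=h), [f"host{h}.beta.example"]) for h in range(49)]
    local_choice = choose_certificate("blog.alpha.example", certificates, issuance_counts(local, now))
    merged_choice = choose_certificate("blog.alpha.example", certificates, issuance_counts(local + external, now))
    return local_choice, merged_choice
```

`demo()` returns `("cert-1", None)`: with only locally known issuances the bundle looks safe, but once the external certificates are counted beta.example sits at 50 for the week and regenerating cert-1 would exceed the limit.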