Clarification on Certificate Limits Per Week


#1

Hi there,

Apologies if they might have been answered elsewhere or if I might be missing something. I am interested in finding out more about the certificate limits and whether they apply per registered domain space, IP, or both. Referencing the below doc:

Some background, my company owns over 1000 unique registered domains. We would like to use Let’s Encrypt as our CA. The issue we are concerned about is getting these domains registered with Let’s Encrypt. We want to run a batch job to get them onto our hosts sourced from one server and will be running the requests several minutes apart. We likely will only need to make up to 5 requests per registered domain, although may consider wildcards or using SANs and roll it into one request.

For the 50 request limit, is that tied per domain or total requests via IP? As an example, say I have the below registered domains:
example.com
example.co
‘example.party’
example.co.uk

I want to issue certificates for these domains and subdomains. My understanding is that if I reached the certificate limit for the list of registered domains per week, I could issue a total of 200 requests(50 requests * 4 registered domains). Or is this inaccurate and I could only issue 50 requests for the entire list of domains?

Thank you in advance for your help in understanding more about the rate limiting implications.


#2

That’s correct - you can get up to 50 new certificates per registered domain per week. If you have just 5 subdomains for each registered domain you are unlikely to run into this limit at all.

(If you have reached the limit you can’t get any new certificates until the first one rolls out of the sliding window, but you can still renew your existing certificates).

If you are planning to obtain thousands of certificates in a batch, you are more likely to run into the “New Orders” limit of 300 per 3 hours, per account.


#3

Awesome! Thanks for your help. The team will be happy to hear this. :sunglasses:


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.