I work for a company that effectively hosts websites for our customers, on their own domains. We’d like to use Let’s Encrypt (once it’s fully launched) to automatically issue certificates for all our customers. I’m wondering if there are any sort of rate limiting or throttling issues we’d need to be aware of before embarking on a project like that. We’re looking in the ballpark of 10000-20000 per year, which when business days and working hours are taken into account, probably works out to something on the ballpark of 8 per hour.
Also, is there any sort of “vetting” or scrubbing you do on domain names? If a domain is refused by Let’s Encrypt for some reason, is there a process in place for appealing that?
Interesting. Those posts are very informative. I can see we’ll have to wait for the rate limit to be increased a lot before we’ll be able to do much with Let’s Encrypt.
I’m still not clear what, if any, vetting Let’s Encrypt does on domain names. For example, if I tried to get a certificate for (assuming I owned the domain) googlesearchhelp.com or googleadwordsoptimization.com, would Let’s Encrypt allow it, or block it due to “google” being in the name, as some other certificate issuers do?
Of course they check the domain. To be more exactly: They prove that you own the domain. That's done automatically.
However I think if phishing domains are discovered they might also revoke issued certificates and probably set these domains on blacklist.
However that's done afterwards and you need to wait for a official answer from Let's Encrypt to know how exactly they do it.
Rate limits on hosting providers with whom we have an active communication channel will be different than individuals. I’d encourage you to reach out to sponsor@letsencrypt.org, say you’re a hosting provider and explain your interest.