Different config directory for each sub domain

I am using certbot to pre-generate certificates for sub domains.

I observed that if I provide a different configuration directory to certbot for each subdomain the files under accounts directory for each subdomain i.e. meta.json, private_key.json and regr.json are different.


certbot certonly --webroot --config-dir /etc/cust10 -n --agree-tos --email support@mydomain.com -w /usr/share/nginx/html -d cust10.mydomain.com

This seems innocuous to me since I was able to renew certificates for each subdomain. I use the same email address (support@mydomain.com) when requesting certificate for each of the subdomains.

However I want to make sure I don’t violate any terms by associating numerous accounts with this one email.

Also off topic: What would be the maximum time LE takes to issue/renew a certificate?

That's fine; the rate limits for generating new registrations (per IP) are rather high, and other than that, there are no rules against this. The Integration Guide suggests using a single account, but if none of the reasons for doing so apply to you, not doing that doesn't sound like a problem to me.

I don't think any SLAs have been published for that. In terms of outages, I think there've been maybe a handful of incidents, mostly in the sub 30-minute range. Take a look at the status history to get a full picture.

Thanks for your response and pointer to the Integration Guide.

From the guide, “We will be unable to effectively adjust rate limits if many different accounts are used.”

Is it talking about the rate limits per tld? Or separate rate limit associated with account key?

I know you mentioned rate limits for registrations per IP being high but I am a little unclear what is it that determines the rate limit - account key, email or IP of machine generating certificate requests?

There are rate limits that apply to domains, IPs and accounts. They’re all documented here.

The only one that’s per IP is the limit for new registrations (500 per 3 hours).

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.