Do Let's Encrypt per-account rate limits automatically increase with high-volume usage?

Hi community,

I already have an established Let's Encrypt account with over 1000 certificates issued across distinct domains, and I've always respected the standard rate limits (300 new orders/3hrs per account, 50 certs/registered domain/week, etc.).

Question: Do these per-account limits (like new orders per 3 hours) ever increase automatically over time based on compliant, high-volume usage? For example, now that I've built up significant certificate history, has anyone noticed the limits scaling up without requesting an override? Or do they remain fixed regardless?

Our worry is: what happens if we lose our current certificate storage? :frowning: How long will it take for us to recreate certificates for 1000 different domains with our single account? Did we understand correctly that our limit will be 300 per 3 hours, so that in about 9 hours (3+3+3) we will be able to have 900 certificates?

I know manual limit increases are available via support, but I'm wondering if there's any automatic adjustment for proven accounts.

Thanks!

(References: Rate Limits - Let's Encrypt)

No. You can request an increase if you believe it necessary, but none of the limits increase automatically.

3 Likes

No, but generally they don't need to either. Plus, renewals using ACME Renewal Information (ARI) within the published recommended time are exempted from all limits, too.

That math sounds about right. I suspect that in a disaster affecting your storage and backups, that'd be the least of your worries, though. You could use more than one account to make it a bit faster, and you could also spread the load across multiple CAs. There are many CAs besides Let's Encrypt that support the ACME protocol, and several of them also offer free certificates.

In fact, I'd suggest that for a high-availability-needed production environment, it should be normal for each domain to have an active certificate from each of at least two CAs, with staggered expirations, to be able to readily handle if one CA suddenly has a problem of some sort (that requires revoking and replacing the certificates on short notice, or not serving CRLs/OCSP correctly, or whatever). For instance, Wikipedia does this, with different datacenters serving certificates from different CAs (so they're all proven to work in production) and a plan to quickly move all datacenters to just using one or the other if one of the CAs has some sort of problem.

3 Likes
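As an added worked example (not from any poster in this thread), here is a small Python planner for the recovery arithmetic discussed above: it applies the two limits quoted in the thread (300 new orders per account per 3-hour window, 50 certificates per registered domain per week), spreads the load across a given number of accounts, and counts whole windows the same way as the "3+3+3 hours for 900 certificates" estimate. The `registered_domain` helper is a deliberately crude stand-in for a Public Suffix List lookup, and the inventory is constructed.

```python
from collections import defaultdict
from math import ceil

# Limits as quoted in this thread; confirm against the current
# Let's Encrypt rate-limit page before planning around them.
NEW_ORDERS_PER_WINDOW = 300          # new orders per account per window
WINDOW_HOURS = 3
CERTS_PER_REG_DOMAIN_PER_WEEK = 50


def registered_domain(name):
    """Crude registered-domain guess: the last two labels.
    Production code should consult the Public Suffix List instead."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def plan_recovery(domains, accounts=1, orders_per_window=NEW_ORDERS_PER_WINDOW,
                  window_hours=WINDOW_HOURS,
                  per_reg_domain=CERTS_PER_REG_DOMAIN_PER_WEEK):
    """Estimate how long re-issuing one certificate per domain takes.

    Returns (hours, issuable, deferred):
      hours    - time until every issuable certificate is obtained, counting
                 whole windows (matching the thread's 3+3+3 arithmetic);
      issuable - certificates that fit within this week's per-registered-
                 domain limit;
      deferred - certificates pushed to next week by that limit. Adding
                 accounts does not help these, only time does.
    """
    groups = defaultdict(list)
    for d in domains:
        groups[registered_domain(d)].append(d)
    issuable = sum(min(len(g), per_reg_domain) for g in groups.values())
    deferred = len(domains) - issuable
    capacity = accounts * orders_per_window   # new orders per window, all accounts
    windows = ceil(issuable / capacity) if issuable else 0
    return windows * window_hours, issuable, deferred


if __name__ == "__main__":
    # Constructed inventory: 1000 distinct registered domains, plus 60 hostnames
    # that all share one registered domain and so hit the weekly limit.
    inventory = [f"site{i}.example" for i in range(1000)]
    inventory += [f"host{i}.shared.example" for i in range(60)]
    for n in (1, 2):
        hours, ok, late = plan_recovery(inventory, accounts=n)
        print(f"{n} account(s): {ok} certs in ~{hours}h, {late} wait for next week")
```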

Why would you worry about this? Sounds like you're a professional company. And I assume, as a professional company, you have a tested and properly functional backup system which includes the certificate storage (including their private keys).

Not sure why this is a "Let's Encrypt problem" when a failure of properly functional backups is more of a "you problem" :wink:

1 Like

This is actually what we do in Cloudflare with Universal SSL. Active certificates (the vast majority are from Google Trust Services) are followed 7-10 days later by backup certificates from Let's Encrypt or Sectigo.

4 Likes