Domain Registrar Rate Limited

I work for a domain name registrar and we want to secure about 1 million domains using LetsEncrypt. Is this an acceptable use of LetsEncrypt?

Most of the domains are parked, or have for sale landing pages on them. But it would be nice if we could secure them. And about 100,000 have websites using our in-house site builder we would like to secure.

We applied for a rate limit increase using the rate limit form about 2 weeks ago. We have not heard back, though it does say it takes a few weeks to process.

My question is should we take any other action, or just wait. Thank you.

Hi @todd1

yes, that's ok.

If you use one account to create all these certificates, then you need an increase. If you create one account per domain (or per 200 domains), you don't need a rate limit increase.

Most rate limits are domain based: Max. 50 certificates / domain / week, max. 5 identical / week.


You can create a maximum of 10 Accounts per IP Address per 3 hours. You can create a maximum of 500 Accounts per IP Range within an IPv6 /48 per 3 hours. Hitting either account rate limit is very rare, and we recommend that large integrators prefer a design using one account for many customers.


For users of the ACME v2 API you can create a maximum of 300 New Orders per account per 3 hours.

Hi! We don’t have an official policy on domain parking, but here are my thoughts: Our main goal is to protect as much browsing activity as possible for as many users as possible. We really care about making the “Percentage of Page Loads over HTTPS” numbers at go up, and also extending the protections of HTTPS to sites that wouldn’t otherwise be able to get it, at very low cost.

Parked domains have very few users in general, so they are a less efficient use of Let’s Encrypt resources, and the resources of CT Log operators, than active websites are.

I think it makes a lot of sense to use Let’s Encrypt to get certificates for your domains that have active websites on them via your website builder. I think, for now, it would be better to not issue certificates to parked domains until they are purchased or have a real website deployed on them.


Thank you for your detailed response. I checked with our engineers and we are using one account, as suggested for large integrators.

Here are some numbers on our business:

  • We register about 5000 new domains per day.
  • We have about 1.5 million existing domains whose certs would have to be renewed every 3 months. That is about 16000 ssl certs a day.

So we would need a quota of about 5000 + 16000 = 21000 ssl certs a day, or about 900/hour. That said an even large quota would be appreciated, so we can hurry up and get those 1.5 millions domains secured immediately, instead of over a 90 day period.

Thank you for your consideration.

We were hoping to secure all the domains in our system, but I understand if there are not enough resources.

For domains that are not parked, we have 800,000 domains. I believe we would still need a quota increase.

Hello, just wondering if we are going to get a rate limit increase? We submitted the google form about a month ago. Let me know if I need to do anything else to move the process forward.

Thank you.

Instead of parking you should let the domains expire, than you don’t need to waste everybodys resources

Parking is one way for registrants to see that their domain is expired. We do send out many expiration emails to the registrant. But sometimes their email is not working, or they don’t check their emails. When they see (or their users see) that their domain is parked, they will know they have to renew their domain.

Parking is pretty industry standard I believe. I can’t think of a registrar that doesn’t park the domain when it expires.

Would love to add LetsEncrypt to our domains. Imagine a million domain names secured from registration all the way to expiration. Just need a rate limit increase. :pray:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.