Exceeding certificate creation limitations

We are creating a Landing Page application where many domains will go to our application to present landing pages.

We believe that we need to generate certificates on our end for all domains pointing toward our service.

We want to use Let's Encrypt and automate the generation of certificates.

However, we heard that there are limitations in the number of certificates that we will be allowed to generate.

  1. Are there limitations on the number of certificates that we can generate from Let's Encrypt?
  2. If so, is there a way around it? Possibly becoming a Hosting Partner?

Thank you!

2 Likes

You probably want to take a look at at least these pages in the documentation:

In short,

  1. Yes.
  2. For large integrations, you can request increased rate limits, but the limits are pretty generous and it's rare that such increases are actually needed.

5 Likes

Can you please share why you were unable to answer this question yourself? Was the page not coming up on search results? Could it have been linked to better from the home page or documentation index?

6 Likes

Hi there and welcome to the community!

Speaking solely for myself and no one else associated with Let's Encrypt or ISRG, I think that the concept behind this question is perhaps not in keeping with ISRG's mission statement of reducing barriers to a secure Internet. I think that if an organization wanted to become a Hosting Partner or make a donation to the org, it should be a donation or sponsorship that wouldn't come with any preferential treatment, up to and including increasing rate limits.

I think that LE has historically done pretty well when it comes to identifying the proper times to increase rate limits across the board for anyone who wants certificates and in response to incidents. If indeed your org were to begin offering LE certs to your clients and you came across a problem with issuance due to rate limits, I trust the LE staff to make a proper determination on whether or not to increase limits temporarily.

Also, I strongly encourage you to take a look at @jvanasco's question about documentation feedback. If you don't feel as if the links which Peter provided were useful or you were unable to immediately determine the answer for your situation, I'm sure the LE team would like to know so that they can make improvements.

3 Likes

I feel like we're jumping on @edaydeveloper for asking their question just because they could have googled some of it. Someone with an anticipated problem is looking for a pre-emptive solution; what the solution actually should be is up for debate, regardless of which solution LE currently wants to support.

I know the thought of having paid features is anathema to many in the community but for those who actually want to do the paying it's just that they're trying to find a way to avoid artificial roadblocks that they can plainly see ahead. Can they fill out the rate limit form in advance of starting their rollout to customers? We know the current rate limit extension process involves batch updates which don't provide immediate results. Obviously nobody wants to implement anything that will negatively impact other users, so there's no suggestion that paying users should be allowed to abuse the API etc.

The topic of paying for pre-emptive rate limit increases came up again recently: Please give an option to pay for extra rate limit

We can also argue that all users should be reading the docs and adjusting their strategy instead of trying to pay for the problem to go away, but knowing all about the rate limits doesn't make them go away.

The implementation complexity/administration of providing payment infrastructure is anticipated as a big deal but the reality is a Stripe/Paddle subscription purchase link coupled with a webhook for activation is not especially onerous and at (for example) $24.99 a month for 1,000 special case users you get nearly $300,000 USD of extra income to support/improve the LE service as a whole (2 extra staff or additional cloud budget perhaps?).

Much is made of the difficulty in funding open source and open services in the OSS community (I have this problem myself, especially for https://openchargemap.org), so walking away from people with money in their hands is something it's worth thinking twice about unless you're supremely confident your major sponsors will never dry up, especially if accepting that payment doesn't compromise any specific ideal the project was founded on. Nobody is suggesting LE certs should be paid for, but the rate limits are a very obvious way of adding value (even if the people paying for pre-emptive extensions never use them, they just see a potential problem and are looking to pay for that safety net).

7 Likes

I think it's fair enough to assume that the situation I described was not what OP meant by "becoming a Hosting Partner" and it's also fair to say that my interpretation is also another way of describing what they were talking about. If I was wrong in the interpretation of the question, I apologize and retract my entire first paragraph.

I do still stand by my opinion that "getting around the rate limits" is not necessary because the LE staff is good about not needing to increase rate limits arbitrarily and had good judgment when they decided what the rate limits would be.

2 Likes

Absolutely, and it may not ultimately be something Let's Encrypt will ever want to change, in which case it's up to other ACME CAs to decide if it's something worth doing.

4 Likes

Limits are 100 FQDN per certificate and 300 new orders every 3 hours. You can get certificates for 100*300 = 30000 FQDN every three hours. Is that not enough?

The real limit is in how many of those 300 certificates your webserver is capable of handling at once.

2 Likes
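
The arithmetic in the post above, turned into a rollout planner as an added example (not code from the thread or from Let's Encrypt). It uses the 100-names and 300-orders-per-3-hours figures as quoted in the post; assigning orders to consecutive 3-hour windows is a simplifying assumption about how the limit is enforced, and the function names and `.example` hostnames are constructed.

```python
from dataclasses import dataclass
from datetime import timedelta

# Figures quoted in the post above; adjust if the CA's published limits differ.
MAX_NAMES_PER_CERT = 100
MAX_ORDERS_PER_WINDOW = 300
WINDOW = timedelta(hours=3)  # assumption: limit treated as consecutive windows


@dataclass
class Order:
    names: list            # FQDNs to place on one certificate
    not_before: timedelta  # earliest offset from rollout start to submit


def normalise(domains):
    """Lower-case, strip trailing dots, drop blanks and duplicates, keep order."""
    seen, out = set(), []
    for d in domains:
        d = d.strip().rstrip(".").lower()
        if d and d not in seen:
            seen.add(d)
            out.append(d)
    return out


def plan_issuance(domains, names_per_cert=MAX_NAMES_PER_CERT):
    """Split domains into orders and assign each order to a 3-hour window."""
    if not 1 <= names_per_cert <= MAX_NAMES_PER_CERT:
        raise ValueError("names_per_cert must be between 1 and 100")
    names = normalise(domains)
    orders = []
    for i in range(0, len(names), names_per_cert):
        window_index = len(orders) // MAX_ORDERS_PER_WINDOW
        orders.append(Order(names[i:i + names_per_cert], window_index * WINDOW))
    return orders


def rollout_duration(orders):
    """Offset at which the last order may be submitted."""
    return orders[-1].not_before if orders else timedelta(0)


if __name__ == "__main__":
    # Constructed sample: 30,001 hostnames, one more than fits in a full window.
    sample = [f"lp{n}.customer.example" for n in range(30001)]
    plan = plan_issuance(sample)
    print(len(plan), "orders; last may start at +", rollout_duration(plan))
```

With `names_per_cert=1` each hostname gets its own certificate, so a hostname that no longer points at the service cannot block issuance for the other names in an order; the cost is one order per hostname.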

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.