Feasibility of rate limit increase

Hello,

We intend to provide our users with their own sub-domains under our domain. For example, a user gets the sub-domain username.our-domain.com. Each user can use arbitrary sub-domains under this domain that they are provided. Hence, we need to generate a wildcard certificate for each user (*.username.our-domain.com). So, the number of certificates scales with our number of users.

Clearly, we will hit the "50 certificates per registered domain" limit pretty quickly if we get more than 50 new users in a week. We intend to use a single account for creating the certificates. We can't group multiple host-names in a single certificate, as the users will then have to wait for at least a certain number of new users to sign up before they get a certificate for their subdomains (we can only have this if we consistently get a high number of new users in a small period of time).

So I was wondering if this is a valid enough use-case for the rate limit to be increased? I wanted to ask before we move on to implementing the integration. Provided the rate limit is increased, by how much can I expect it to be increased? Is there also some kind of payment subscription that we can possibly make to increase the rate limit?

Thanks!

2 Likes

Welcome to the Let's Encrypt Community 🙂

If you are a large hosting provider or organization working on a Let’s Encrypt integration, we have a rate limiting form that can be used to request a higher rate limit. It takes a few weeks to process requests, so this form is not suitable if you just need to reset a rate limit faster than it resets on its own.

6 Likes

If unrelated users get subdomains under the same apex domain, you'll probably want to look at the Public Suffix List (PSL) for (mostly) security reasons.

A byproduct is that you won't run into the 50 certs per domain rate limit, as Let's Encrypt also uses the PSL. Do note that this byproduct is NOT a valid reason to be included in the PSL. The reason for being included in the PSL is security, due to users being able to register subdomains under the same apex domain.

7 Likes
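Added example, not part of the thread and not Let's Encrypt's code: a minimal Public Suffix List lookup showing how a PSL entry for the apex moves the "registered domain" boundary down to each user's subdomain, and with it the grouping that the per-domain certificate limit counts. The rule sets, the helper names and the 60 sample certificate names are constructed for illustration; the real PSL is far larger.

```python
from collections import Counter

# Constructed rule sets, not the real PSL; "our-domain.com" is the thread's placeholder.
ICANN_ONLY = {"com"}
WITH_PRIVATE_ENTRY = ICANN_ONLY | {"our-domain.com"}
LIMIT = 50  # "50 certificates per registered domain", as quoted in the thread


def registered_domain(name, rules):
    """Return public suffix plus one label, following the PSL matching rules."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":            # wildcard certificate name: ignore the "*" label
        labels = labels[1:]
    suffix_len = 1                  # implicit "*" rule when nothing else matches
    for i in range(len(labels)):    # longest candidate suffix first
        candidate = labels[i:]
        exact = ".".join(candidate)
        wildcard = ".".join(["*"] + candidate[1:])
        if "!" + exact in rules:    # exception rule wins; suffix is one label shorter
            suffix_len = len(candidate) - 1
            break
        if exact in rules or wildcard in rules:
            suffix_len = max(suffix_len, len(candidate))
    if len(labels) <= suffix_len:
        return None                 # the name is itself a public suffix
    return ".".join(labels[-(suffix_len + 1):])


def over_limit(cert_names, rules, limit=LIMIT):
    """Map each registered domain to its certificate count when it exceeds the limit."""
    counts = Counter(registered_domain(n, rules) for n in cert_names)
    return {domain: n for domain, n in counts.items() if n > limit}


# Constructed sample: one wildcard certificate for each of 60 users.
CERT_NAMES = [f"*.user{i}.our-domain.com" for i in range(60)]

if __name__ == "__main__":
    print("without PSL entry:", over_limit(CERT_NAMES, ICANN_ONLY))
    print("with PSL entry:   ", over_limit(CERT_NAMES, WITH_PRIVATE_ENTRY))
```

Browsers consult the same list when deciding whether a site may set a cookie for a parent domain, so the entry also stops one user's subdomain from scoping cookies to our-domain.com as a whole.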