How many certificates can one use

#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: skar.us

I ran this command:

It produced this output: N.A.

My web server is (include version): Apache 2+

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is: N.A.

I can login to a root shell on my machine (yes or no, or I don’t know): N.A.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): N.A.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): N.A.

My Question is:
How many Certificates can I use from Let’s Encrypt ?
Does the Certificates support WildCard Domains ?
The main reason is that I need Certificates for my sub-domains as well, mainly for:
skar.us
.skar.us
static.skar.us

All such sub-domains are important to me to run with SSL.

The main reason of my answer is the last domain static.skar.us that will only serve static resources used for many sub-domains and the parent domain. The resources are like css, JavaScript and other resources. I need SSL for this one. The need can be seen as a PANIC for me. I mean I need it so much that I can drop the SSL for a few sub-domains, but not this one. I want the traffic for static.skar.us to pass through SSL like https://static.skar.us/ .

Please tell, what does your policies say ?

Please answer.

Thank You

#2

A lot. The rate at which you can issue certificates is controlled by rate limits, rather than absolute numbers, and most of them are per-domain.

It’s easy to have dozens or hundreds of certificates (and possible to have far more).

Yes, but Let’s Encrypt requires that you use DNS validation for wildcards, instead of HTTP or TLS-ALPN validation, and DNS validation can be hard to automate with some DNS services (like Namecheap).

And since a certificate can have up to 100 names (any or all of them being wildcards, or not), and issuing many certificates is easy and free, it’s often unnecessary to use wildcards.

#3

Hello mod, please check my edit !

#4

What part of your question was not addressed in @mnordhoff’s reply? Because it looks pretty complete to me.

#5

Can I use multiple SSL certificates for just one Domain as to be used for it’s sub-domains ?

#6

Yes, consistent with the rate limits already cited. For example, this configuration would be perfectly valid:

#7

I have a sub-domain (like static.skar.us) used to serve sensitive static content like css, JavaScript and image files. I have a question on getting separate certificates. A separate certificate for the sub-domain other than the parent domain ( skar.us in this case ).
My question is:

Is it considered ethical or moral in your terms / policy ?

This is my question.
I want to depend on your service and calming my nerves is what it needs.

#8

Yes.

Though you could use only one certificate, if you prefer.

The Let’s Encrypt Subscriber Agreement is here:

#9

Nothing in Let’s Encrypt’s policies addresses “ethical” or “moral”, but as you’ve already been told, it’s entirely permissible, not to mention very common, to do exactly what you’re describing.

Edit: Again, it seems to me that we’ve already answered this question a few times in this thread. Could you explain how you thought it wasn’t answered previously? IOW, what are we missing in your question?

#10

@danb35 : I got your point.

But I want to use Let’s Encrypt.
So making sure the Let’s Encrypt service will continue and I will be able to use it’s certificates is what I wanted to make sure.

I was nervous because I didn’t want to abuse / exploit the freedom.
But as to reveal as well that I require certificates apart from parent domain. I wanted to confirm for the sub-domain for static resources, which is critical to me.

And I got my answer.
And also that I can use it for other sub-domains for the same domain. Some of these domains have come in existence and some will be created in future.

But,
Thanks for the answer and I appreciate the cause of Let’s Encrypt.
I will be using it for my work.

Thank You