How many domains in a certificate?

We have a CloudFront application hosted on an AWS server. Our customers have their personalized domain names associated with our server. We have the following questions related to Let's Encrypt certificates:

  • How many domains can we add to a certificate? Can we update the certificate later when new domains are available?
  • How long is a certificate valid for? And can we set it to auto-renew?
  • How many certificates can we generate? Is there any limit?

Note: Domain in my questions refers to any domain like www.abc.com, www.xyz.com etc.

Hi @jatinderbahl

please read the basics.

and

Up to 100, any or all of which may be wildcards.

You can replace it with a new certificate.

90 days.

Yes, but you need to set up the software to do this on your side.

There is no absolute upper limit, only the rate limits that @JuergenAuer linked above.

As an aside, AWS Certificate Manager is provided to CloudFront users at no additional cost, so that may be a better fit for you - unless you've already tried it and found some limitations?

In AWS, we are getting free certificates, but that requires domain verification using a CNAME, which means the user needs to visit their DNS admin to add the CNAME provided by AWS. This process takes around 15-20 minutes before the certificate is issued.

As per my understanding, with Let's Encrypt we do not need to do any such process and the certificate is issued immediately. Please confirm.

Domain validation is still required, but it is designed so that responding to the validation challenge can be automated. The usual method (known as http-01) involves creating a temporary file at a special URL with prescribed content. So as long as the domain is pointed at your server you can do this automatically. It’s not instantaneous but it is quick; personally I find it typically takes about half a minute, but if you have lots of domains to validate or a slow server then it might take longer.

There is also a DNS based validation method available for those who need it.
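The http-01 "special URL" and "prescribed content" mentioned in the reply above, as an added example that is not part of the original thread or of any ACME client's code: the path and key authorization are computed as RFC 8555 and RFC 7638 define them. The JWK and token are constructed sample values, and the function names are this example's own.

```python
import base64
import hashlib
import json
import re

# RFC 7638: members that enter the thumbprint, per key type.
REQUIRED_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 JWK thumbprint (RFC 7638) of the ACME account public key."""
    names = REQUIRED_MEMBERS[jwk["kty"]]
    # Required members only, sorted by name, no whitespace.
    canonical = json.dumps({k: jwk[k] for k in names},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    """Prescribed file content for http-01 (RFC 8555 section 8.1)."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def challenge_path(token: str) -> str:
    """URL path the CA fetches over plain HTTP on port 80."""
    # Tokens are base64url; rejecting anything else keeps path
    # separators out of the file name your server writes or serves.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", token):
        raise ValueError("token is not base64url")
    return f"/.well-known/acme-challenge/{token}"

def response_is_valid(body: str, token: str, account_jwk: dict) -> bool:
    """Pre-flight check: would the served body satisfy the challenge?"""
    # RFC 8555 section 8.3: the CA ignores trailing whitespace in the body.
    return body.rstrip() == key_authorization(token, account_jwk)

# Constructed sample values (not a usable key, not a real token).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "c2FtcGxlLXgtY29vcmRpbmF0ZQ",
              "y": "c2FtcGxlLXktY29vcmRpbmF0ZQ"}
SAMPLE_TOKEN = "constructed-sample-token_0123456789ABCDEF"

if __name__ == "__main__":
    print(challenge_path(SAMPLE_TOKEN))
    print(key_authorization(SAMPLE_TOKEN, SAMPLE_JWK))
```

Because the content is bound to the account key's thumbprint, a file copied from another ACME account will not validate; running `response_is_valid` against what your server actually returns on port 80 catches that before the CA does.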

Can you please point me to a detailed description of the steps to do this?

We are .NET developers, and it would be great if you could send me any sample code in C# that will help us to generate and renew certificates easily.

Most people just use an existing client application, for example https://certbot.eff.org has instructions on how to use Certbot (which is written in Python, but you don’t need to know Python to use it, just run it as a shell command).

If you want to do your own integration, there are a couple of .NET libraries listed on the client options page. In that case please also read the integration guide.
