I have question about rate limit


#1

Before questioning,
I am not good at english. so I can not understand this documentation well.
https://letsencrypt.org/docs/rate-limits/

So I question accurate meaning of this documentation.

  1. There is no limit to the number of certificates that can be issued to different registered domains. A registered domain is an effective TLD plus one label. For instance, in www.example.com, the registered domain is example.com.
    -> I think it means issuing diffrent registered domains is no limit. But I don’t understand " an effective TLD plus one label" What is mean? So I can issue this sites without rate limit?
    Let me example. www.hyunjoon.com & test.hyunjoon.com & hyunjoon.com are all diffrent registered domains?
    I can’t understand this.
  2. Certificates/Domain limits how many certificates can be issued that contain a single registered domain. This is limited to 20 certificates per domain per week.
    -> It means registered domain is root domain? I can make 20 cert per week for subdomain?
    Or I can make 20 cert per week about already issued domain?
  3. Registrations/IP address limits the number of registrations you can make in a given time period; currently 500 per 3 hours. This limit should only affect the largest users of Let’s Encrypt. Please utilize our staging environment if you’re developing an ACME client.
    -> It means In my server, I can issue 500 cert per 3 hours? or I can make 500 agent id at same server per 3 hours?

Let show me an example please.

thx.


#2
  1. The registered domain is a top level domain (like .com) plus one DNS label. For all of the following domains, the registered domain would be example.com: example.com, www.example.com, foo.example.com, foo.bar.example.com.
  2. For each certificate you issue, the counter for all registered domains appearing on that certificate is increased by one. If you issue one (SAN) certificate for example.com, www.example.com and foo.example.com, the rate limit counter for example.com will be increased by one, meaning it does not matter how many subdomains of the same registered domain you include. With the rate limit of 20 certificates per week and the limit of 100 domains per certificate, you can cover up to 2000 subdomains of the same registered domain per week.
  3. The registration is basically your account on the ACME server, a way to associate any certificates you create with a parent object you own. In almost all scenarios, you end up creating just one registration, and all certificates you create belong to that one registration (that’s the default behaviour of certbot and many other clients).

#3

so Thank you for your effort.
always I awe you


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.