We want to use letsencrypt on the test servers (each test server has domain of 4 level and may have multiple level domain 5) for testing the interaction of our service billing with sandboxes. They need proven certificates, so the staging mode is not for us. Is it possible to somehow increase the limit?
I’m not sure I understand your configuration here, or which specific limit you would hit.
Are you regenerating the “test servers” on a regular basis and hence need new certs ? or could you explain the scenario in a bit more detail please.
You understood correctly. we generate new domains 4 level on a regular basis (auto-increment). These test servers do not live long.
on the day of our testers and developers are creating about 50 test servers. To each server creates its own domain: build_id.domain3.domain2.com.
where ID is auto-increment counter. (unique key)
Can we apply it letsencrypt for this case?
You may be better off purchasing a wildcard cert for this scenario … although it should be possible to set up using Let’s Encrypt with a small amount of work.
Do you know all the “ID’s” you are likely to use on that test day ? if so you could generate a single cert for all 50 subdomains, and place it on the test servers ( which would only be one cert, so well within the limits )
Let’s Encrypt does have a form for requesting an increase in the rate limit, it states though
- Certificates for more than 500 subdomains of a particular domain. Note that only subdomains are rate-limited, so if you have a large number of domains which are not subdomains you will most likely not need a rate limit adjustment.
- A very large number of domains for which issuance requires more than 300 pending authorizations at any given time.
If your use case is not described above please do not use this form.
So I don’t think you fall within that scope.
I’ll think through some other ideas, and hopefully someone else has some suggestions of methods you could use as well.
Is this all internal to your business? Why are you even using a third-party CA? You’re supposed to run your own CA if you control all the machines.
I would recommend finding a way to either use the same hostname for each test you run, or generate and use your own certificates. If you tell us more about your specific testing setup we may be able to provide more specific advice on how to solve your problem.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.