Limit for issuing/renewing certificates for a domain


#1

Our servers are hosted by a provider (that is a Letsencrypt sponsor) and their FQDN are managed by him.
He is using its own domain name for that.
For provider internal reason, it is not allowed to change it.
Our servers are protected by identity management agents that require the FQDN and a corresponding certificate.

Letsencrypt have limitation regarding certificate emitted for a domain name.
We don’t have any control about the number of certificates emitted for that provider domain name.
This is really a problem, maintenance and renewal may not be guaranteed.
Any solution for such case ?


#2

Hi @micwic

I don’t understand fully, sorry. Could you possibly use the real domain names ? or if not at least an example.

As I understand it, your hosting provider has a domain “hostingprovider.com” and they of course manage everything to do with “hostingprovider.com” and all it’s subdomains.

You have a domain “micwic-domain.com” ? or do you use “micwic.hostingprovider.com” ?

If you are using “micwic-domain.com” then you have full control of your domain.


#3

Renewal will be guaranteed with the upcoming changes in Boulder.


#4

To clarify, the FQDN is “server.hostingprovider.com” and I’m using “my-subdomain.my-domain.com” to allow access to the server (DNS).
I don’t say I have no control on my domain.
I say I can’t control how many requests for a certificate are done for the domain “hostingprovider.com”.
In my certificate request I have both “server.hostingprovider.com” and “my-subdomain.my-domain.com”, because I need both.
In my last attempt to get a certificate I was notified that too many certificates was delivered for hostingprovider.com.
I have to wait 7 days for now.


#5

Your provider has to submit a pull request to the public suffix list, so the certificate limit is per subdomain of hostingprovider.com, not hostingprovider.com directly.


#6

Thanks for the quick response.
Best Regards


#7

Great new, can’t wait.
Best Regards