I would to clarify about the way how Let’s Encrypt interacts with public domains that belongs to Public Suffixes List.
If I let’s say have my enterprise domain mydomain.com and I would like to have shared subdomain for my customers apps.mydomain.com, for example.
Then my customers are running their own apps by urls
The domain apps.mydomain.com is added to PSL respectively so they are considered as independent enteties.
Basically the question is:
Will my customers be able to issue their own LE certificates for their websites (like customer-one.apps.mydomain.com) if the number of issued certificates have already reached its limit for the base domain mydomain.com ?
Thank you in advance!
I'm not quite sure how your base domain would affect, but from the rate limit determination of *.apps.mydomain.com, each of the subdomains are considered as a "new domain" for rate limit purpose. (So you can imagine your apps.mydomain.com would effectively become something similar to a domain extension)
1.apps.mydomain.com's rate limit will not appear on 2..apps.mydomain.com.
However, if these apps are hosted on your server, maybe you want to consider getting a wildcard certificate for all subdomains of apps.mydomain.com?
Yes, they will each have their own rate limits.
There is something you need to keep in mind, though: you won't be able to get a certificate for
apps.mydomain.com -- it would be just like asking for a certificate for
.com. I don't know how this applies to
So you should probably register a second domain
myuserapps.com and put that one in the PSL.
@9peppe Thank you for your replies here, they helped me also. I just wanted to point out that according to this Wildcard certificates and Public Suffix List you can issue a LE certificate for a domain that’s in the private section of the Public Suffix List, just not for one in the ICANN section (.com, .org, etc.). So, unless something has changed since @jsha’s reply in that post, @jacky.jones should be able to get a certificate for
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.